Back to skill
Skillv1.0.13
ClawScan security
Wavye · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 8:58 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are consistent with a CLI-based 'solopreneur OS' that needs a Wayve API key and the Wayve CLI; nothing obvious is asking for unrelated credentials or system access.
- Guidance
- This skill is internally coherent: it expects the Wayve CLI and an API key and will save user planning data to the Wayve backend. Before installing or using it: 1) Confirm you trust the npm package publisher (consider pinning a specific version rather than @latest and review the CLI's source code if available). 2) Understand that giving WAYVE_API_KEY and any push-channel tokens means those values will be sent to and stored by Wayve (the docs state they encrypt delivery credentials). 3) If you don't want to hand over bot/webhook tokens, use the 'pull' channel option (no external credentials). 4) Watch for automations the agent proposes — SKILL.md requires explicit consent for background jobs; only approve jobs you want scheduled. 5) If you need higher assurance, run the CLI in a sandboxed environment and audit network traffic or inspect the published package before use.
Review Dimensions
- Purpose & Capability
- okThe skill is a CLI-driven integration with the Wayve service. It requires the 'wayve' binary and a single primary env var (WAYVE_API_KEY) which aligns with saving/retrieving user data, automations, and knowledge. Required binaries, env var, and declared install (npm package @gowayve/wayve-cli) are proportionate to the stated purpose.
- Instruction Scope
- okSKILL.md consistently instructs the agent to run wayve CLI commands, read the provided reference files, and persist data via the CLI. It explicitly requires user confirmation before collecting third-party delivery credentials (telegram bot token, webhook URLs, etc.). The instructions do not ask the agent to read unrelated system files or unrelated environment variables, nor to exfiltrate data to unexpected endpoints; the flows focus on Wayve API/CLI usage.
- Install Mechanism
- noteInstall is via an npm package (@gowayve/wayve-cli@latest) that creates the 'wayve' binary. Using a public npm package is expected for a CLI, but registry packages carry supply-chain risk (e.g., malicious or compromised packages). No downloads from arbitrary URLs or extract steps are present.
- Credentials
- noteThe skill declares a single required environment variable (WAYVE_API_KEY) which is appropriate. The skill also instructs the agent to collect delivery-channel credentials (bot tokens, webhook URLs) from the user when setting up push automations — this is explained and guarded by an explicit consent step in the docs, but it does mean sensitive third-party credentials will be transmitted to and stored by Wayve if the user provides them.
- Persistence & Privilege
- okalways is false. The skill can create automations (agent routines / scheduled push notifications) via the Wayve CLI, but SKILL.md repeatedly requires explicit user confirmation before scheduling background jobs or collecting credentials. Autonomous invocation is allowed (platform default) but there is no 'always: true' or other elevated privilege requested by the skill.