Skill v1.0.0
ClawScan security
Prompt Evaluation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 12:49 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's README-style instructions describe a Node-based prompt-evaluation tool that requires model access (e.g., gpt-4) and local scripts, but the package declares no binaries, install steps, or required credentials — the pieces are inconsistent.
- Guidance: This skill's documentation describes running a Node tool (evaluate.js) and calling LLMs like gpt-4, but the package includes no code, no install steps, and no declared API credentials. Before installing or using it, ask the publisher to: 1) provide the evaluate.js source or a clear install spec (npm package or GitHub release), 2) list required binaries (Node) and any npm deps, and 3) explicitly declare which environment variables or API keys are needed and why. Until you get that, avoid running commands that fetch or execute unknown code; if you must test, do so in a sandboxed environment and review the evaluate.js code for network calls or credential handling. If the author cannot justify the missing pieces, treat the skill as incomplete and potentially unsafe.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes running node evaluate.js and using models like 'gpt-4' to score prompts, but the skill metadata lists no required binaries (node), no install spec to provide evaluate.js, and no credentials for model APIs. A prompt-evaluation tool would legitimately need Node (or an install) and LLM API keys; those are missing.
- Instruction Scope (concern): Runtime instructions tell the agent to execute local commands that access prompt files, golden sets, and produce reports (node evaluate.js ...). Because no evaluate.js or install is provided, an agent might try to create, download, or otherwise obtain code at runtime. The instructions also implicitly depend on an LLM provider (gpt-4) but don't specify how credentials or endpoints are supplied.
- Install Mechanism (note): There is no install spec (instruction-only). That is low risk by itself, but inconsistent with the commands shown, which require a Node script and potentially npm packages. The absence of an install/source means the agent would need external code (downloaded or user-provided) to function.
- Credentials (concern): The skill references models (scoringModel: 'gpt-4') and cost/token estimation, which normally require API keys (e.g., OPENAI_API_KEY) and possibly billing info. Yet requires.env is empty and no primary credential is declared. This omission is disproportionate and ambiguous about where credentials should come from.
- Persistence & Privilege (ok): The skill does not request persistent/always-on presence and uses default invocation settings. It does not declare modifications to other skills or system-wide settings.
