Skillv1.0.0

ClawScan security

Mcp Skill Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 1:44 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only wrapper for the Exa MCP web-research tools; its declared scope, lack of installs/credentials, and embedded guardrails are internally consistent with that purpose.
Guidance: This skill appears coherent and low-risk as delivered (instruction-only, no installs, no credentials). Before installing: 1) Verify the skill's origin (source/homepage is missing) so you know who authored it. 2) Confirm whether your environment needs to supply Exa MCP credentials or network access — the SKILL.md mentions mcp.exa.ai but does not declare credentials. 3) Test it in a restricted/sandboxed agent to observe actual network calls and ensure it doesn't leak sensitive prompts. 4) Observe the guardrails in SKILL.md (they're sensible) and require per-request consent for any long-running 'deep_researcher_start' operations. If you need higher assurance about provenance, request a published source or upstream repository before deployment.

Review Dimensions

Purpose & Capability: okThe name and description claim to wrap Exa's MCP for web search and research; the SKILL.md enumerates matching tools (web_search_exa, deep_search_exa, crawling_exa, company_research_exa, etc.). There are no unrelated required binaries, environment variables, or config paths requested, so the required surface matches the stated purpose. (The source/homepage are missing, which reduces provenance but does not create an internal inconsistency.)
Instruction Scope: okSKILL.md is instruction-only and directs the agent to use the listed MCP tools. It includes explicit security guardrails (SSRF handling, bulk-enumeration limits, refusal for corporate espionage, per-request consent for deep research). It does not instruct the agent to read arbitrary local files, system credentials, or to exfiltrate data to unexpected endpoints.
Install Mechanism: okThere is no install spec and no code files to write to disk; this is the lowest-risk pattern (instruction-only). No downloads, package installs, or custom binaries are specified.
Credentials: okThe skill declares no required environment variables, credentials, or config paths, which is proportional to an instruction-only wrapper. One caveat: the SKILL.md references an external endpoint (https://mcp.exa.ai/mcp); any real integration may require API credentials or network access that are not declared here — the lack of declared credentials is consistent with an instruction-only skill but means you should verify any runtime wiring before enabling it in a production agent.
Persistence & Privilege: okThe skill does not request always:true and does not declare system-wide configuration changes. It is user-invocable and allows normal autonomous invocation (platform default) but does not demand elevated persistent privileges.