Skill v1.0.0
ClawScan security
Snowsand Confluence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 15, 2026, 10:33 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill code and docs match a Confluence Cloud CLI and require standard Confluence credentials, but the registry metadata does not declare those required secrets and the package has an unknown source. This mismatch and lack of publisher information is concerning.
- Guidance: What to consider before installing:
  - The included script and SKILL.md legitimately require CONFLUENCE_BASE_URL, CONFLUENCE_USER_EMAIL, and CONFLUENCE_API_TOKEN, but the skill registry metadata does not declare these. Ask the publisher to correct the metadata so required secrets are visible before you install.
  - The source/homepage is unknown and there is no published owner info; prefer skills with a verifiable publisher or repo.
  - If you proceed, create a service account or API token with the minimum permissions needed (avoid admin tokens), because the CLI supports destructive operations (delete/purge).
  - Review scripts/confluence.py yourself (it is included and readable) and test in an isolated environment or sandbox first.
  - Confirm that CONFLUENCE_BASE_URL points to your trusted Atlassian instance (the skill will send all requests to that URL).
  If the publisher cannot explain the metadata omission or provide a reputable source, avoid installing.
Review Dimensions
- Purpose & Capability
  - note: Name/description, SKILL.md, and scripts/confluence.py are coherent: they implement a Confluence Cloud REST API CLI (spaces, pages, attachments, comments, labels, CQL). However, the registry metadata lists no required environment variables or primary credential, while SKILL.md and the script both require CONFLUENCE_BASE_URL, CONFLUENCE_USER_EMAIL, and CONFLUENCE_API_TOKEN. That metadata omission is an inconsistency.
- Instruction Scope
  - ok: SKILL.md instructs the agent to call the included scripts/confluence.py and to set Confluence-specific env vars; the runtime instructions and CLI operations focus on Confluence API endpoints. The instructions do not ask the agent to read unrelated system files or contact external endpoints beyond the user-provided CONFLUENCE_BASE_URL.
- Install Mechanism
  - ok: There is no install spec or external download; the skill is instruction/code-only and includes the Python script bundled with the skill. No remote installers, archive downloads, or unusual install locations are used.
- Credentials
  - concern: The script requires three sensitive environment variables (CONFLUENCE_BASE_URL, CONFLUENCE_USER_EMAIL, CONFLUENCE_API_TOKEN), which are appropriate for the declared purpose, but the registry metadata does not declare any required env vars or primary credential. That lack of declared required credentials reduces transparency and is a red flag. The skill will also perform destructive actions (delete/purge pages, delete attachments) if given credentials with broad permissions; least-privilege credentials are advisable.
- Persistence & Privilege
  - ok: The skill does not request "always: true" and does not modify other skills or system-wide configs. Default autonomous invocation is allowed (platform default), which is expected for a utility skill; combined with the credential concerns above it increases potential impact, but it is not by itself unusual.
