Skill v1.0.0
ClawScan security
newsnow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 4:41 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions claim a Node CLI and ask you to run or npx-install code from npm, but the registry metadata does not declare the install or the PRODUCTHUNT_API_TOKEN env var it mentions, and no source/homepage is provided. This mismatch and the implicit npx install are concerning.
- Guidance: This skill's README expects you to install/run a Node package (npx newsnow), but the registry gives no package URL, homepage, or install spec and fails to declare the PRODUCTHUNT_API_TOKEN env var it mentions. Before installing or running this skill:
  1) find the npm package name and publisher, and verify the project homepage/source code and maintainer reputation;
  2) avoid supplying secrets (API tokens) until you confirm the package's source and intent;
  3) prefer running npx in an isolated environment (container or sandbox) and inspect the fetched package contents before execution;
  4) if you can't find a trustworthy upstream (GitHub project, homepage, clear publisher), treat the package as untrusted and do not run it.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes a Node.js CLI (newsnow) and explicitly says "Requires npm install" / suggests using npx. The registry entry, however, declares no install spec, no source/homepage, and no required binaries. That mismatch (describing a package but providing no origin or install instructions) is disproportionate to the stated purpose, because an agent or user following the README would fetch code from npm with npx without the registry vetting where it comes from.
- Instruction Scope (note): The instructions themselves are narrowly scoped to running the newsnow CLI and using --json; they do not instruct reading unrelated files or exfiltrating data. However, they direct the operator/agent to run npm/npx to fetch external code at runtime (an implicit network fetch and execution), which expands the attack surface beyond a pure instruction-only skill.
- Install Mechanism (concern): There is no install spec in the registry, yet SKILL.md requires npm install / suggests npx. That means the expected install comes from the public npm registry (or npx resolving a package), but the package name, publisher, and homepage are not provided in the skill metadata, making it unclear what will be downloaded and executed. Instruction-only skills that tell agents to npx unknown packages create higher risk.
- Credentials (concern): SKILL.md lists PRODUCTHUNT_API_TOKEN as required for the producthunt source, but the registry's required env vars list is empty. This inconsistency means an agent or user may be asked for a secret that wasn't declared up-front. The single env var is plausible for Product Hunt integration, but it should be declared in the metadata.
- Persistence & Privilege (ok): The skill does not request persistent presence (always:false) and does not appear to modify other skills or agent configs. Autonomous invocation is allowed (default) but is not combined with other high-privilege requests.
