Skillv1.0.0

ClawScan security

segundo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 5:50 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior (storing data under ~/.segundo and optionally using OpenAI or a local Ollama endpoint) matches its description, but the package metadata omits required runtime/install details and doesn't declare the environment variables it references — plus there is no source or install mechanism — so you should verify origin and secrets handling before installing.
Guidance: This skill appears to do what it says (a local journaling CLI with optional semantic search) but several red flags remain: there is no source repository or install instructions to review, the SKILL.md references bun/npm and embedding providers (OpenAI or local Ollama) while the registry metadata declares none of those requirements, and the tool stores config and may hold API keys in ~/.segundo/config.json. Before installing, ask the publisher for: (1) the source repo or package distribution URL and a checksum, (2) clear install steps and the exact binaries required, and (3) confirmation of what data is sent to external services (OpenAI or other). If you must try it, run it in a controlled environment (container or VM), avoid using your primary OpenAI key (create a restricted-scope or billing-limited key), or prefer a local Ollama instance to keep embeddings off the public internet. If the publisher cannot provide source/install details, treat the package as higher risk.

Review Dimensions

Purpose & Capability: noteThe described functionality (a CLI for journaling and semantic search) is coherent with the commands and storage paths in SKILL.md. However, the registry metadata lists no required binaries or environment variables while SKILL.md explicitly says it requires bun or npm and optionally an embedding provider (Ollama or OpenAI). The lack of a declared install path or source/homepage is inconsistent with a normal CLI distribution.
Instruction Scope: concernThe SKILL.md instructs use of a local data store (~/.segundo) and reading/writing ~/.segundo/config.json (which may contain API keys), and it references $OPENAI_API_KEY and an Ollama URL (http://localhost:11434). The metadata did not declare those env vars. While these actions are plausible for this kind of tool, the instructions allow the agent to access local files and a local HTTP service and to send data to cloud embedding providers — this should be explicit in the skill metadata and the user should confirm what data is sent to external services.
Install Mechanism: concernThere is no install spec and no source/homepage. SKILL.md says the tool is built with TypeScript and runs on Bun (or npm), implying installation from a package registry or release, but no package source or install steps are provided. That makes it impossible to verify the origin or review code before running, increasing risk.
Credentials: concernMetadata declares no required env vars, but the instructions mention using OPENAI_API_KEY or an openaiApiKey in config.json and an Ollama local URL. Requesting an API key for an embedding provider is reasonable for semantic search, but the omission from metadata is a mismatch. Also, config.json under ~/.segundo may store secrets — users should be aware and not put broad-scope keys there without encryption or careful scope limits.
Persistence & Privilege: okThe skill does not request always:true or system-wide privileges. It reads and writes its own files under the user's home (~/.segundo), which is normal for a user-level CLI. There is no indication it modifies other skills or system-wide agent settings.