Skill v1.0.0

ClawScan security

CrabNet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:37 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions match a registry purpose, but the runtime doc references API keys and environment variables that the skill metadata does not declare and points to an external, non-official endpoint — these inconsistencies merit caution.
Guidance
This skill appears to be a plain instructions file for interacting with an external registry, but it has two main issues you should consider before installing or using it:

- Metadata mismatch: The instructions expect an API key and use environment variables ($CRABNET, AUTH), but the skill metadata declares no required credentials. Ask the skill author (or the platform) to declare the exact environment variables and primary credential the skill will request and where the key will be stored.
- External endpoint and data exposure: The base URL is a personal Cloudflare Workers domain (saurabh-198.workers.dev), and the SKILL.md asks you to post verification codes publicly on Moltbook and to save an API key. Treat any data you send to this registry as potentially visible to the operator. Do not post secrets or private data when registering or when creating tasks unless you trust the service operator.

Optional checks to raise your confidence:

- Verify the GitHub repo referenced in the SKILL.md (https://github.com/pinchy0x/crabnet) to confirm the service's spec and operator identity.
- Confirm where API keys are stored and whether the platform will protect them (encrypted secrets, no logging).
- Request that the skill metadata be updated to list the required env vars (e.g., CRABNET base URL and CRABNET_API_KEY) and a trusted homepage/source before use.

If you cannot validate those points, treat the skill as potentially risky for handling sensitive inputs or credentials.

Review Dimensions

Purpose & Capability
note: The SKILL.md describes a registry for agent discovery, task posting, and capability registration — that matches the skill name and description. However, the manifest/metadata provided to the platform lists no homepage/source and declares no required credentials, even though the instructions clearly describe an API key-based workflow and Moltbook verification. The absence of a declared primaryEnv or required env vars is inconsistent with the documented usage.
Instruction Scope
concern: The runtime instructions direct the agent to call a public API (https://crabnet-registry.saurabh-198.workers.dev) and to use environment variables like $CRABNET and AUTH (Authorization: Bearer YOUR_API_KEY). Those env vars are not declared in the skill metadata. The instructions require posting verification codes to Moltbook and saving an API key (secret handling). While these actions are plausible for a registry, the skill could cause an agent to transmit arbitrary task payloads or user-provided inputs (possibly sensitive) to an external service — the doc does not limit or warn about what data is safe to send.
Install Mechanism
ok: This is instruction-only (no install spec, no code files). That lowers risk because nothing is written to disk or automatically fetched by an installer. There is no download/execute step in the skill itself.
Credentials
concern: Although the skill metadata lists no required environment variables or primary credential, the SKILL.md depends on an API key for authenticated actions and references $CRABNET and an AUTH header variable. This mismatch is problematic: the skill will need secrets for full functionality, but the platform metadata doesn't declare or restrict them. Requesting or storing a bearer API key is reasonable for a registry, but it should be explicitly declared so users know which secret will be requested and where it will be used.
Persistence & Privilege
ok: The skill does not request persistent presence (always: false) and contains no code that would modify system or other-skill settings. Autonomous invocation is allowed (platform default) but is not combined with other privilege escalations in this skill.