Skill v1.0.1

ClawScan security

Oracle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:21 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The SKILL.md is coherent about how to use the @steipete/oracle CLI, but the instructions reference environment variables, local session storage, and runtime downloads (npx) that are not declared by the skill metadata — this mismatch and the fact that the workflow will upload local files to an external model warrant caution.
Guidance
This skill is an instruction-only wrapper around an external npm CLI; it will cause 'npx -y @steipete/oracle' to fetch and run code and will bundle and send local files to a remote model (browser automation or API). Before using: (1) verify the npm package and its homepage/repo (ensure @steipete/oracle is the intended publisher), (2) prefer --dry-run and --files-report to preview exactly which files will be sent, (3) avoid attaching secrets or private keys and explicitly exclude dotfiles/.env, (4) be aware sessions are stored under ~/.oracle/sessions (set ORACLE_HOME_DIR if you want a different location), (5) only set OPENAI_API_KEY or remote tokens when you intend an API run, and (6) if you need stronger guarantees, run the CLI in an isolated environment (container/VM) and inspect the package source before executing. The main problem here is a transparency mismatch — the SKILL.md references env vars and local storage but the skill metadata doesn't declare them — so proceed with caution.

Review Dimensions

Purpose & Capability
note: The name/description (wrap the @steipete/oracle CLI to bundle prompts+files for a second-model review) matches the instructions: the SKILL.md explains CLI commands and workflows. It legitimately needs to read files and send them to a model, so the core purpose is consistent.
Instruction Scope
concern: The runtime instructions tell the agent/user to run 'npx -y @steipete/oracle' and to provide file globs (including excludes), reattach to stored browser sessions, and potentially upload/paste files to remote browser automation or API models. The doc explicitly references OPENAI_API_KEY and remote tokens and shows a local session directory (~/.oracle/sessions) — none of these env vars or config paths are declared in the skill metadata. Because the instructions will cause local files to be bundled and transmitted to external services, the absence of declared env/config requirements is a notable inconsistency.
Install Mechanism
note: There is no install spec in the skill bundle (instruction-only), which is low risk for the skill package itself. However, the instructions repeatedly call 'npx -y @steipete/oracle' which will download and execute code from npm at runtime; that runtime download is outside the skill metadata but is operationally significant and worth the user's attention.
Credentials
concern: The skill metadata declares no required env vars, yet the SKILL.md references OPENAI_API_KEY (engine auto-pick), ORACLE_HOME_DIR override, and remote-token/--token for remote-host usage. These environment/config touches are relevant to the described functionality but should have been declared; the mismatch reduces transparency and could lead to accidental credential use or unexpected data flows.
Persistence & Privilege
note: always:false and user-invocable:true (defaults) are appropriate. The instructions say the CLI stores sessions under ~/.oracle/sessions (overrideable via ORACLE_HOME_DIR) — that local persistence is reasonable for the tool's workflow but is not declared in the skill metadata and may retain copies of bundled files/prompts, so users should be aware.