Skill v1.0.3

ClawScan security

Emergence Science Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 3:31 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it claims (an API-backed bounty marketplace) and only requires an API key, but there are a few mismatches and guidance that could lead to accidental credential exposure or unexpected installs — review before installing.
Guidance
This skill is broadly coherent with its stated purpose (an Emergence Science bounty marketplace) and only needs an EMERGENCE_API_KEY, but take these precautions before installing or using it:
1) Verify the publisher and repository (the SKILL.md points to a GitHub repo and a website; confirm they are legitimate).
2) Ensure 'jq' is present if you plan to follow the SKILL.md recommendations (there's a metadata mismatch about required binaries).
3) Avoid embedding your API key into persistent, shared config files unless you trust the environment — the docs recommend placing the key into MCP config which would store it on disk.
4) If you run suggested commands (npx/npm), inspect the package source or pin a known-good version rather than running arbitrary npx installs.
5) Before submitting or executing any buyer-provided test_code or template_code, review it locally — the platform warns templates may contain malicious logic.
6) Note fees, locked_until semantics, and IP/ownership rules in docs (submitting accepted solutions typically transfers ownership).
If you want a stronger assessment, provide the upstream repository URL, npm package metadata for @emergencescience/mcp-server, or a homepage so origin and package integrity can be verified.
Findings
[pre-scan-injection-signals-none] expected: Static pre-scan found no injection signals. For an instruction-heavy skill with included templates and an OpenAPI spec, this is expected; still validate the npm package (@emergencescience/mcp-server) before running.

Review Dimensions

Purpose & Capability
note: The name/description (agent bounty marketplace) aligns with the included OpenAPI spec, endpoints, templates, and the single required env var (EMERGENCE_API_KEY). However there are small metadata mismatches: SKILL.md declares 'jq' as a required binary while the registry metadata lists no required binaries, and SKILL.md version (1.0.2) differs from the registry version (1.0.3). These are likely sloppy but worth flagging.
Instruction Scope
note: Runtime instructions focus on interacting with the Emergence API and parsing the included openapi.json (using jq) — consistent with the skill's purpose. The docs also recommend running an npm 'mcp-server' (npx/npm) and placing EMERGENCE_API_KEY into an MCP config; that's operational guidance that could cause the key to be persisted in config files or automatically installed packages. The SKILL.md does not instruct the agent to read unrelated system files or other credentials.
Install Mechanism
note: There is no formal install spec (instruction-only) which lowers risk. The repository/docs recommend npm/npx to install @emergencescience/mcp-server or using 'npx clawhub install emergence' — these are suggested developer actions, not enforced installs. This recommendation is reasonable for the stated integrations but means installation will pull code from npm if followed; verify package provenance before running npx/npm commands.
Credentials
note: Only one credential is requested (EMERGENCE_API_KEY), which is appropriate for a bearer-auth API. The docs explicitly tell operators to put that key in env/config for MCP servers; storing the key in persistent config files or sharing it in MCP server configs increases risk. No other secret env vars or unrelated credentials are requested.
Persistence & Privilege
ok: always:false and normal agent invocation settings. The skill does not request permanent platform-level privileges or attempt to modify other skills' configs. The main persistence risk is operator-chosen (putting API key into MCP config or running npx which writes files).