Skill v1.0.0
ClawScan security
Maay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 16, 2026, 8:14 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions match an ATXP CLI integration, but metadata and declared requirements are inconsistent and the runtime instructions ask the agent to fetch and execute remote code and source a user config; this mismatch and the dynamic npx install raise concerns.
- Guidance: This skill appears to wrap the ATXP CLI, which is plausible for the described features, but there are several red flags you should consider before installing or running it:
  - Metadata mismatch: the package name in SKILL.md ('atxp') and owner IDs in _meta.json differ from the registry metadata (skill name/slug/owner). Ask the publisher to correct and justify these inconsistencies.
  - Undeclared credential: SKILL.md references $ATXP_CONNECTION and ~/.atxp/config but the skill manifest declares no required env vars. Treat any skill that loads credentials not declared in its manifest as suspicious.
  - Dynamic remote code: the recommended 'npx atxp login' will download and run an npm package at runtime. Only run this if you trust the package's publisher; inspect the package source first or run it in a sandbox.
  - Sourcing user config: 'source ~/.atxp/config' executes that file. Inspect ~/.atxp/config before sourcing; do not source files from unknown packages without review.
  - External endpoints: the MCP server domains (e.g., search.mcp.atxp.ai) will receive search queries and prompts. Do not send sensitive information to these endpoints unless you trust the service and have reviewed its privacy/security posture.

  Actions you can take:
  - Ask the skill author to update the manifest to declare ATXP_CONNECTION as a required env/primary credential and to correct owner/name/slug to match SKILL.md.
  - Request a homepage or link to the 'atxp' npm package and verify the package contents and publisher identity on npm/GitHub before running 'npx atxp'.
  - If you must test, run 'npx' and 'atxp login' in an isolated environment (VM/container) and inspect ~/.atxp/config before sourcing it.
  - Prefer explicit programmatic API keys with limited scopes rather than auto-sourcing config files.

  Given these inconsistencies and the fact the skill instructs the agent to fetch and execute remote code and source a user config, treat this skill as suspicious until the author provides corrected metadata and provenance.
Review Dimensions
- Purpose & Capability (note): The SKILL.md describes accessing ATXP paid APIs (search, image, music, video, X) and the provided commands/programmatic snippets match that purpose. However the skill metadata (name 'Maay', slug 'sss', registry owner id) does not match the SKILL.md top-level name ('atxp') and the _meta.json ownerId differs from the registry owner, an incoherence. Also the runtime uses an ATXP_CONNECTION environment variable but the skill declares no required env vars.
- Instruction Scope (concern): Instructions tell the agent to run 'npx atxp login' and to 'source ~/.atxp/config' and to check $ATXP_CONNECTION. Sourcing a config file executes its contents in the shell and can run arbitrary code; relying on 'npx' fetches and runs code from the npm registry at runtime. The SKILL.md references an env var (ATXP_CONNECTION) and a home config path that are not declared in the skill metadata.
- Install Mechanism (concern): There is no install spec, but instructions rely on 'npx atxp' which will dynamically download and execute a package from the npm registry. Dynamic npx installs are effectively arbitrary remote code execution unless the package is known and verified. The skill provides no provenance (homepage, official package name verification) for the 'atxp' package.
- Credentials (concern): The SKILL.md expects an ATXP_CONNECTION credential (and suggests sourcing ~/.atxp/config) but the skill declares no required environment variables or primary credential. That mismatch is important: the agent will be instructed to load credentials not declared in the skill manifest. The skill will also send queries and prompts to external MCP servers listed in the doc.
- Persistence & Privilege (note): The skill does not request 'always: true' and is not asking to modify other skills or global agent settings. However the login flow writes/sources ~/.atxp/config which could persist credentials and execute config content; users should be cautious about allowing automatic sourcing of files in their home directory.
