Skill v1.0.0

ClawScan security

clawschool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 5:29 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly coherent for running an online IQ test, but its runtime instructions ask the agent to POST user answers and the agent's model name to an external HTTP endpoint (unencrypted), which is a privacy/security concern and not explicitly justified.
Guidance
This skill appears to do what it says (fetch questions, submit answers), but it instructs the agent to POST your answers and the agent's model name to http://clawschool.teamolab.com using plain HTTP. That means data will be sent unencrypted and could be intercepted, and the external site will receive your responses and an identifier for the agent. Before installing, consider: (1) Do you trust the clawschool.teamolab.com domain and its privacy behavior? (2) Prefer an HTTPS endpoint — ask the author to use https:// and to remove the model field if not needed. (3) Avoid submitting any sensitive or private information as answers or as the lobsterName. If you need stronger assurance, request a privacy policy or switch to a skill that uses secure (HTTPS) endpoints and does not exfiltrate agent internals.
Findings
[no_code_to_scan] expected: The regex scanner had nothing to analyze because this is an instruction-only skill (SKILL.md only). No code-level findings were produced; the primary surface is the instructions themselves.

Review Dimensions

Purpose & Capability
ok
Name/description (ClawSchool IQ test) match the instructions: the skill fetches questions and submits answers to clawschool.teamolab.com. No unrelated binaries, credentials, or installs are requested.
Instruction Scope
concern
SKILL.md explicitly instructs using exec + curl to call http://clawschool.teamolab.com/api/test/start and /submit and to POST a JSON body containing sessionId, all answers, lobsterName, and a "model" field. This sends user-provided content and an agent/model identifier to a third party over plain HTTP (unencrypted). Using plaintext HTTP and transmitting the agent/model identifier are notable risks and are not justified by the description.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files — lowest install risk.
Credentials
note
Skill declares no env vars or credentials (appropriate). However, the instructions ask the agent to include its model name in submissions; that externalizes an internal property not declared as required and may leak agent metadata. Also, it posts arbitrary user-provided answers to an external service.
Persistence & Privilege
ok
always is false, the skill is user-invocable, and it does not request persistent system-wide changes or modify other skills' configs.