Skill v2.0.3

ClawScan security

TrustBoost PII Sanitizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 6:47 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (remote PII sanitization) matches its instructions, but there are ambiguous and privacy-sensitive implementation details (trial tx_hash logic, optional private-key usage, and claims about not storing raw input) that don't fully add up and deserve clarification before use.
Guidance
This skill appears to do what it says (remote PII sanitization), but before installing:
1) Confirm the operator and endpoint (api.trustboost.dev / GitHub repo) are legitimate and review their privacy policy and audit report.
2) Ask for technical details on how 'raw input is never stored' is enforced (encryption, retention, access controls, and whether any raw content is processed in logs or backups).
3) Clarify the TRIAL mechanism: how is a wallet tied to 'TRIAL' without sending a signed transaction, and what information you must send that could deanonymize users?
4) Never supply production private keys; if autonomous payments are used, test only with ephemeral wallets and insist on client-side signing so the service never receives your private key.
5) For strict no-transmission environments (HIPAA, on-prem), use a local sanitizer — this skill transmits raw text to a third party.
If these questions are unanswered or you cannot accept outbound transmission of user data, treat the skill as unsuitable.

Review Dimensions

Purpose & Capability
note: The skill claims to be a remote PII sanitizer and its instructions require sending text to the TrustBoost API — this is coherent with the stated purpose. Minor mismatch: the SKILL.md metadata version is 2.0.2 while the registry lists 2.0.3 (likely benign but should be consistent).
Instruction Scope
concern: Runtime instructions explicitly instruct the agent to transmit raw input text to https://api.trustboost.dev/sanitize and to include a Solana tx_hash. Sending raw text to a third-party service is expected for a hosted sanitizer, but the doc also repeatedly asserts 'raw input text is never stored' without describing technical controls (e.g., encryption at rest, retention policies, or how Supabase/trial logic prevents accidental persistence). The instructions also discuss signing Solana transactions and autonomous payments, which requires access to a wallet private key (sensitive), and the doc doesn't fully explain how wallets are authenticated for the TRIAL mode or how tx_hash='TRIAL' is validated per-wallet.
Install Mechanism
ok: Instruction-only skill with no install steps or code files — lowest install risk (nothing written to disk by the skill itself).
Credentials
concern: No required env vars, but metadata lists an optional SOLANA_WALLET_KEY for autonomous payments. Requesting (even optionally) a private key is high-sensitivity and should be justified with precise usage and guidance (e.g., ephemeral wallets only). The doc's payment/trial flow is underspecified: it's unclear how a wallet is associated with TRIAL requests if the tx_hash value 'TRIAL' is acceptable, which raises questions about how wallet-bound quotas are enforced without exposing private keys.
Persistence & Privilege
ok: always:false and user-invocable: true — the skill does not request forced or always-on presence and does not modify other skills. No elevated platform privileges are requested.