Skill v1.0.1
ClawScan security
API KISS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 14, 2026, 1:44 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a unified API gateway: it asks only for an APIKISS API key, and its SKILL.md describes using that key to call many read/write endpoints. There are a few minor documentation inconsistencies and operational risks to be aware of.
- Guidance: This skill appears to do what it says: it proxies many small services through one API key. Before installing: (1) Treat APIKISS_API_KEY as sensitive; it can send SMS/emails and perform lookups, and could incur costs or enable abuse if leaked. (2) Confirm the provider's pricing, rate limits, and acceptable-use policy. (3) Ask the maintainer/provider to clarify the GET vs JSON inconsistency (e.g., /password/validate) and whether message bodies are sent in query strings, which can end up in request logs. (4) Prefer a scoped or low-privilege key if the provider supports one, and rotate the key if you test with real data. (5) Avoid sending sensitive personal data through the skill unless you have reviewed the provider's privacy and security practices.
Review Dimensions
- Purpose & Capability
  - ok: The name/description promise (a single gateway to many small services) matches the declared requirement: one API key (APIKISS_API_KEY). No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope
  - note: SKILL.md confines actions to calling https://www.apikiss.com/api/v1/ endpoints with a Bearer token. However, it states "Method: GET for all endpoints (parameters are query strings)" but later asks to send a JSON body for /password/validate, which is inconsistent. Many endpoints perform write actions (SMS, email) that transmit user-provided content to an external service; this is expected for this skill but is a privacy/abuse consideration. /ip returns the agent's public IP (expected), and send endpoints that take their content as query-string parameters may expose that content in request logs.
- Install Mechanism
  - ok: Instruction-only skill with no install spec, no code files, and no downloads. Installation risk is minimal (nothing is written to disk by the skill itself).
- Credentials
  - note: Only APIKISS_API_KEY is required (appropriate), but that single credential grants broad capabilities (sending SMS/email, performing lookups, generating content) and may incur costs or be abused if leaked. The manifest does not request unrelated secrets.
- Persistence & Privilege
  - ok: The skill is not always-enabled and uses normal autonomous invocation. It does not request persistent system-level privileges or access to other skills' configurations.
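The logging concern raised in Guidance item (3) and in the Instruction Scope note (message content sent as query-string parameters can be logged) is easy to see concretely. The following is an added example, not part of the ClawHub scan output or of the APIKISS skill: it starts a throwaway HTTP server on loopback (constructed here; it is not apikiss.com) that records each request the way a typical access log does, method and path including the query string but never the body, then sends the same SMS-style payload once as a GET with query-string parameters (the convention SKILL.md describes) and once as a POST with a JSON body. The /sms/send path, the `to` and `message` parameter names, and the token value are assumptions for illustration only; the Bearer header matches what SKILL.md specifies.

```python
"""Query-string parameters versus JSON bodies in an access log (added example)."""
import json
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ACCESS_LOG = []  # stands in for the provider's or an intermediate proxy's request log

# Opener with proxies disabled so the request really goes to the loopback stub.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class LoggingStub(BaseHTTPRequestHandler):
    """Records "METHOD /path?query" for every request, like an access log would."""

    def _record_and_reply(self):
        ACCESS_LOG.append(f"{self.command} {self.path}")  # path includes the query string
        length = int(self.headers.get("Content-Length") or 0)
        self.rfile.read(length)  # body is consumed but never logged
        body = b'{"ok": true}'
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_GET = _record_and_reply
    do_POST = _record_and_reply

    def log_message(self, *args):  # keep the stub quiet on stderr
        pass


def send_as_query(base_url, token, params):
    """GET with the parameters in the query string, as SKILL.md describes."""
    url = base_url + "/sms/send?" + urllib.parse.urlencode(params)  # /sms/send is assumed
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with OPENER.open(req, timeout=5) as resp:
        return resp.status


def send_as_json(base_url, token, params):
    """POST with the same parameters carried in a JSON body instead."""
    req = urllib.request.Request(
        base_url + "/sms/send",
        data=json.dumps(params).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )
    with OPENER.open(req, timeout=5) as resp:
        return resp.status


def log_exposure(log_line, params, token):
    """Report whether a logged request line reveals the message text or the API key."""
    method, _, target = log_line.partition(" ")
    query = urllib.parse.parse_qs(urllib.parse.urlparse(target).query)
    return {
        "method": method,
        "message_in_log": query.get("message") == [params["message"]],
        "token_in_log": token in log_line,
    }


def demo():
    """Run both submission styles against the stub and compare what got logged."""
    server = HTTPServer(("127.0.0.1", 0), LoggingStub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base_url = f"http://127.0.0.1:{server.server_address[1]}/api/v1"
    token = "sk-example-do-not-use"  # placeholder, not a real APIKISS key
    params = {"to": "+15555550123", "message": "Your one-time code is 4471"}  # constructed input
    ACCESS_LOG.clear()
    try:
        send_as_query(base_url, token, params)
        send_as_json(base_url, token, params)
    finally:
        server.shutdown()
        server.server_close()
    return {
        "get": log_exposure(ACCESS_LOG[0], params, token),
        "post": log_exposure(ACCESS_LOG[1], params, token),
        "lines": list(ACCESS_LOG),
    }


if __name__ == "__main__":
    for line in demo()["lines"]:
        print(line)
```

The GET line lands in the log with the full message text (URL-encoded but trivially recoverable), while the POST line shows only the path. In neither case does the Bearer token appear, which is why the key belongs in the Authorization header and never in a query parameter. This is the difference to raise with the provider when asking whether send endpoints accept a JSON body.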
