Skill v1.0.4

ClawScan security

Aura Clawhub Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 3:59 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions line up with a marketplace integration (it only asks for an AURA_API_KEY and curl), but it also includes optional instructions to download and execute a binary and to read/write local files, so exercise normal caution and verify releases/checksums before enabling automated behavior.
Guidance
This skill appears coherent for an Aura marketplace integration, but before installing or enabling automated/background behavior:
1) Confirm that https://aura.gd is the legitimate Aura service you expect (check official docs or the vendor page).
2) Never paste your AURA_API_KEY into third-party prompts; follow the SKILL.md warning.
3) If you plan to use the optional aura-listen binary, obtain a signed release or an explicit SHA256 checksum from a trusted source that is independent of the download itself, and verify it locally before running; prefer package-managed installs when available.
4) Approve any openclaw config changes or gateway restarts with a human in the loop, and limit the API key's permissions/credits and rotate it if possible.
5) If you enable heartbeat/webhook/listener automation, restrict what automated actions are allowed and require human approval for any state-changing operations.

Review Dimensions

Purpose & Capability
ok: Name/description, required binary (curl), and required env var (AURA_API_KEY) are consistent with an agent-to-agent marketplace integration that talks to https://aura.gd. Optional features (webhook, real-time listener) are within the claimed scope.
Instruction Scope
note: SKILL.md stays largely within marketplace scope (register, post/claim tasks, check alerts). It instructs the agent to read/write local state (memory/aura-last-checked.txt, ~/.config/aura/credentials.json) and to run openclaw config/gateway commands; those are reasonable for this skill but grant filesystem and runtime-configuration access that the user should approve. The skill explicitly warns not to send the API key to other domains, which is good.
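One way to make the "do not send the API key to other domains" rule mechanical rather than advisory is a curl wrapper that refuses to attach the key unless the URL is under https://aura.gd. The following is an added example for this review, not code from the skill or from ClawHub; the Authorization header format and the endpoint paths are assumptions, and the skill's SKILL.md should be followed for the real ones.

```shell
#!/bin/sh
# Added example (not the skill's or ClawHub's code): only attach AURA_API_KEY to
# requests bound for https://aura.gd, so a mistyped or prompt-injected URL cannot
# leak the key to another host.
# Assumption: the service takes "Authorization: Bearer <key>"; adjust to SKILL.md.

AURA_API_BASE="https://aura.gd"

# aura_url_allowed URL -> 0 if URL is exactly the base or a path under it, 1 otherwise.
# Exact prefix matching (base followed by "/") deliberately rejects, without any URL
# parsing: https://aura.gd.evil.example/..., http://aura.gd/... (plaintext), and
# userinfo tricks such as https://aura.gd@evil.example/.
aura_url_allowed() {
    case "$1" in
        "$AURA_API_BASE"|"$AURA_API_BASE"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# aura_curl METHOD URL [extra curl args...]
# Returns 2 (without touching the network) when the URL is not under aura.gd,
# 3 when no key is configured, otherwise curl's own exit status.
aura_curl() {
    method="$1"; url="$2"; shift 2
    if ! aura_url_allowed "$url"; then
        echo "aura_curl: refusing to send AURA_API_KEY to $url" >&2
        return 2
    fi
    if [ -z "${AURA_API_KEY:-}" ]; then
        echo "aura_curl: AURA_API_KEY is not set" >&2
        return 3
    fi
    # No -L: a redirect must not carry the Authorization header to another host.
    curl -fsS -X "$method" -H "Authorization: Bearer $AURA_API_KEY" "$url" "$@"
}

# Usage (hypothetical endpoint paths):
#   aura_curl GET  "https://aura.gd/api/tasks"
#   aura_curl POST "https://aura.gd/api/tasks" -d '{"title":"..."}'
#   aura_curl GET  "https://aura.gd.evil.example/api/tasks"   # refused, exit 2
```

The check is a plain string prefix on purpose: parsing URLs in shell to extract the host is where allow-lists usually go wrong, and rejecting unusual-but-legitimate forms such as an explicit port is a cheaper failure than leaking the key.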
Install Mechanism
concern: Although the skill has no formal install spec, the README instructs downloading an executable from https://aura.gd/aura-listen and running it. Download-and-execute of a binary is higher-risk: the doc correctly recommends verifying a SHA256 checksum but does not provide one, and a checksum served from the same location as the binary would add little, since whoever can replace the binary can replace the checksum. A listener binary is a plausible need for this service, but verify it against a value from an independent trusted source and prefer package-managed/signed releases.
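The verification the Guidance (step 3) and this dimension ask for, written out as an added example for this review rather than code from the skill or from ClawHub: download to a temporary file, compare its SHA256 against a pinned value obtained out of band, and only then mark it executable. The pinned value, URL and install path in the comments are placeholders; the real checksum must come from a signed release or the vendor's own page, not from https://aura.gd/aura-listen itself.

```shell
#!/bin/sh
# Added example (not the skill's or ClawHub's code): refuse to execute a downloaded
# binary unless its SHA256 matches a value obtained independently of the download.

# sha256_of FILE -> prints the hex digest (GNU coreutils sha256sum or BSD/Perl shasum)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED -> 0 if the digest matches (case-insensitive), 1 otherwise.
# Nothing is executed on either path; the caller decides what to do on success.
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$1")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $1: expected $expected, got $actual" >&2
    return 1
}

# fetch_and_verify URL EXPECTED DEST -> download to a temp file, verify, then install.
# Not run in this file (it needs the network). No -L, so a redirect cannot silently
# swap the download source; the file only becomes executable after the digest matches.
fetch_and_verify() {
    url="$1"; expected="$2"; dest="$3"
    tmp=$(mktemp) || return 1
    if curl -fsS -o "$tmp" "$url" && verify_sha256 "$tmp" "$expected"; then
        install -m 0755 "$tmp" "$dest"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Offline demonstration on a constructed file: a matching digest passes, a single
# appended byte fails. The "pinned" value here is computed locally only because this
# is a stand-in; in real use it is copied from the vendor's signed release notes.
demo() {
    f=$(mktemp) || return 1
    printf 'constructed stand-in for the aura-listen binary\n' > "$f"
    pinned=$(sha256_of "$f")
    verify_sha256 "$f" "$pinned" && echo "ok: digest matches, safe to install"
    printf 'x' >> "$f"                 # simulate a tampered or truncated download
    verify_sha256 "$f" "$pinned" || echo "refused: digest mismatch, not installing"
    rm -f "$f"
}
demo

# Real use (placeholders, not the project's values):
#   fetch_and_verify "https://aura.gd/aura-listen" "<sha256 from signed release>" "$HOME/.local/bin/aura-listen"
```

Two details matter more than the hashing itself: the temp file is never chmod'ed executable before the comparison succeeds, and the comparison is against a value you typed in from a separate channel, so an attacker who controls the download URL still cannot satisfy it.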
Credentials
ok: Only a single credential (AURA_API_KEY) is required, and it is the primary credential for the marketplace; that is proportionate. The SKILL.md recommends storing it in runtime secret storage or a restricted local file. No unrelated secrets or extra credentials are requested.
Persistence & Privilege
note: always:false and normal autonomous invocation are in effect. The skill suggests adding a heartbeat entry or running a long-lived listener that can trigger events; if you enable those, consider restricting automatic actions and requiring human approval for state-changing calls. Autonomous operation plus downloading an executable increases the blast radius if misused.