Skill v1.0.0
ClawScan security
Task Orchestra · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Feb 23, 2026, 8:05 PM)
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's orchestration instructions look reasonable, but unexplained environment and install requirements (BRAVE_API_KEY and an npm 'async' binary) and missing source/homepage make the package incoherent and potentially risky.
- Guidance: This skill's described orchestration features are plausible, but several inconsistencies suggest caution:
  - Ask the publisher (or repository) why BRAVE_API_KEY is required and what it's used for; do not provide sensitive tokens until that is explained.
  - Confirm why an npm 'async' package and an 'async' binary are installed — that package is normally a JS library, not a CLI. If you must install it, review the exact package and its maintainer and audit the package contents in a sandbox first.
  - Because the skill can spawn and steer subagents, run it in a restricted/sandboxed environment and limit its privileges on first use.
  - Prefer skills with a verifiable source/homepage and code you can inspect; this skill has no source URL or code files.

  If you cannot get a clear explanation for the BRAVE_API_KEY and the odd install spec, treat this skill as untrusted and avoid installing it or set it up in an isolated test environment only.
Review Dimensions
- Purpose & Capability (concern): The skill claims to coordinate subagents and manage workflows — that aligns with the SKILL.md instructions. However, the declared required environment variable (BRAVE_API_KEY) is unrelated to orchestration and is never referenced in the instructions. The install spec asks for an npm package 'async' and declares it creates a binary named 'async' (the npm 'async' package is a JS library, not a CLI binary). These requirements do not match the stated purpose and are disproportionate or unexplained.
- Instruction Scope (note): The SKILL.md is instruction-only and stays within orchestration concerns (spawn/monitor/kill subagents, dependency resolution, templates). It is quite high-level and grants broad discretion to spawn and manage subagents (including 'self-evolution' uses), which is powerful but consistent with an orchestration skill. The instructions do not reference BRAVE_API_KEY, curl/jq usage, or any external endpoints, and they are vague in ways that could enable wide-ranging agent behavior if the agent platform honors commands like sessions_spawn and subagents kill/steer.
- Install Mechanism (concern): An npm install entry is present for package 'async' that purportedly creates a binary 'async'. This is inconsistent: 'async' on npm is a JS library (not a known CLI), and the skill contains no code files that would need that dependency. Installing arbitrary npm packages can introduce supply-chain risk; here the install requirement appears unnecessary or malformed.
- Credentials (concern): The skill requires BRAVE_API_KEY but the SKILL.md contains no instructions that use Brave or any external search/API requiring that key. Requiring a secret-like environment variable without justification is disproportionate. No primary credential is declared, and no other env/config paths are requested.
- Persistence & Privilege (ok): The skill does not request always:true, does not declare system config paths, and is user-invocable only. That is a normal privilege profile. Note: the functional ability to spawn and manage subagents (per the instructions) is powerful — review platform-level permissions for spawning agents before enabling.
