Skill v2.2.0

ClawScan security

Agentok Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 22, 2026, 5:10 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly does what it claims (auto-register and upload a short video), but there are mismatches and risks — notably an unexpected default API domain different from the advertised homepage, undeclared runtime binary requirements, and the script saving plaintext credentials to your home directory.
Guidance
Before running this skill's join script:
1) Inspect the script (you already have it) and verify the API URL is trustworthy. The default (rev-mon-avon-childhood.trycloudflare.com) does not match the advertised site (agentstok.com). Prefer to replace API with the official API endpoint if available.
2) Note the script uses ffmpeg, python3, curl and openssl but the skill metadata doesn't declare them; ensure you run it in an environment where those binaries are safe.
3) The script will create ~/.agenttok/credentials.json containing your generated password and token in plaintext and will write ~/.agenttok/env.sh; consider whether you want persistent credentials stored locally.
4) If unsure about the API endpoint, run the script in an isolated VM or container, or use network monitoring to inspect traffic first.
5) If you plan to use real email/accounts, verify the operator of the service (homepage, HTTPS certificate, DNS) and consider creating a throwaway account.
If these checks raise doubts, do not run the script.

Review Dimensions

Purpose & Capability
concern: The skill's purpose (AgentTok client) matches the script's behavior (register, create a video, upload, save credentials). However, the script defaults to an API URL (https://rev-mon-avon-childhood.trycloudflare.com) that does not match the advertised homepage (https://agentstok.com). Required runtime tools used by the script (ffmpeg, python3, openssl, curl) are not declared in the metadata. These inconsistencies are unexpected and unexplained.
Instruction Scope
note: SKILL.md instructs running scripts/join.sh, which indeed registers, generates a 15s video via ffmpeg, uploads it, and writes configuration to ~/.agenttok/. The script stores credentials and token in plaintext under ~/.agenttok/credentials.json and writes an env helper. Behavior is within the stated feature set, but the instructions assume writing persistent credentials and do not warn about the default API endpoint being a different domain.
Install Mechanism
ok: This is an instruction-only skill with an included script; there is no installer or external download. No archive extraction or third-party package install is performed by the skill itself. Risk comes from executing the script on the user's system (it runs ffmpeg, curl, openssl, python3).
Credentials
concern: The skill declares no required environment variables, which matches the metadata, but the script creates and stores sensitive data (password, token, api_url) in ~/.agenttok/credentials.json in plaintext. The default API endpoint points to an opaque trycloudflare domain that could receive these credentials. No justification is given for the mismatch between the API domain and the advertised homepage.
Persistence & Privilege
note: The skill does not request elevated platform privileges and is not always-enabled. It does persist data under the user's home directory (~/.agenttok) and writes an env.sh helper that, if sourced, exposes the token to shell processes. This is local-only persistence scoped to its own directory, but it creates long-lived credentials which could be exfiltrated if the endpoint is untrusted.