Skill v1.0.0

ClawScan security

hello-example · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 11:41 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims that a private file (secret.md) should have been excluded, but the published package includes it (and even embeds its contents in SKILL.md). This is incoherent with the stated purpose and exposes sensitive-looking data.
Guidance
This package is suspicious because it claims secret.md should have been excluded yet the published bundle contains that file and its contents. Although the included api_key and path look fake, treat this as a data-leak risk. Before installing: (1) do not run or grant credentials to the skill; (2) inspect the files yourself and remove secret.md if you publish or install locally; (3) ask the author to republish without secret.md and to confirm the values are not real; (4) avoid installing into environments where the exposed vault_path or keys might overlap with your real secrets. If the author removes secret.md (or confirms the content is demonstrably dummy and safe), this would reduce concern.
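Step (2) of the guidance, inspecting the bundle yourself, can be automated. The following Python is an added example and is not ClawHub's scanner code or the skill author's code. It assumes .clawhubignore uses gitignore-style glob patterns (one per line, '#' comments, '!' negation, a pattern without '/' matching a basename at any depth) and models the bundle as a dict of path to file text; the sample bundle and its key/path values are constructed dummies that only mirror the shape of the scanned skill.

```python
"""Audit a skill bundle: files present despite .clawhubignore, and secret-like values.

Added example, not ClawHub's own code. .clawhubignore semantics are assumed
to be gitignore-like; adjust is_ignored() if the real format differs.
"""
import fnmatch
import posixpath
import re

# Constructed sample bundle modelled on the scanned skill. Every value is a
# dummy placeholder, not a real credential or path.
SAMPLE_BUNDLE = {
    ".clawhubignore": "# files that must never be published\nsecret.md\n",
    "SKILL.md": (
        "# hello-example\n"
        "Check whether secret.md is present in the bundle.\n\n"
        "## File contents\n"
        "api_key = dummy-key-0000\n"
        "vault_path = /tmp/example-vault\n"
    ),
    "secret.md": "api_key = dummy-key-0000\nvault_path = /tmp/example-vault\n",
}

# Heuristic: a line that starts with a credential-looking key followed by ':' or '='.
SECRET_KEY_RE = re.compile(
    r"^\s*(?P<key>api[_-]?key|secret|token|password|vault_path)\s*[:=]",
    re.IGNORECASE,
)


def parse_ignore(text):
    """Return (pattern, negated) pairs from gitignore-style text (assumed syntax)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        rules.append((line[1:] if negated else line, negated))
    return rules


def is_ignored(path, rules):
    """Last matching rule wins. Patterns without '/' match the basename at any depth."""
    ignored = False
    for pattern, negated in rules:
        if "/" in pattern.strip("/"):
            matched = fnmatch.fnmatch(path, pattern.lstrip("/"))
        else:
            matched = fnmatch.fnmatch(posixpath.basename(path), pattern)
        if matched:
            ignored = not negated
    return ignored


def find_leaked_files(bundle):
    """Files the bundle's own .clawhubignore says should be absent but that were shipped."""
    rules = parse_ignore(bundle.get(".clawhubignore", ""))
    return sorted(p for p in bundle if p != ".clawhubignore" and is_ignored(p, rules))


def find_secret_like_values(bundle):
    """(path, key) for every credential-looking assignment, including copies in SKILL.md."""
    hits = []
    for path in sorted(bundle):
        if path == ".clawhubignore":
            continue
        for line in bundle[path].splitlines():
            m = SECRET_KEY_RE.match(line)
            if m:
                hits.append((path, m.group("key").lower()))
    return hits


def audit(bundle):
    """Combine both checks into a verdict a reviewer can act on before installing."""
    leaked = find_leaked_files(bundle)
    hits = find_secret_like_values(bundle)
    verdict = "suspicious" if leaked or hits else "ok"
    return {"leaked_files": leaked, "secret_like_values": hits, "verdict": verdict}


if __name__ == "__main__":
    import json
    print(json.dumps(audit(SAMPLE_BUNDLE), indent=2))
```

On the sample bundle the audit reports secret.md as shipped despite being ignored and flags the api_key and vault_path assignments in both secret.md and SKILL.md, which is exactly the duplication the scanner objects to. The key regex is a coarse heuristic; a real review should still read the flagged files rather than trust the match alone.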

Review Dimensions

Purpose & Capability
concern: The skill description's purpose is to demonstrate that .clawhubignore excluded secret.md, yet the published package contains secret.md (and its contents are reproduced in SKILL.md). That contradicts the stated purpose and suggests the ignore mechanism failed or the author accidentally published a secret file.
Instruction Scope
concern: SKILL.md only instructs the agent to check whether secret.md is present, which is reasonable for a test. However, SKILL.md also includes the full contents of secret.md in the 'File contents' section, effectively publishing the secret. The instructions do not direct network exfiltration or other actions, but they do disclose sensitive-looking data in the package itself.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so nothing is written to disk or installed at runtime by the skill itself.
Credentials
concern: The skill declares no required environment variables (which is appropriate), but the package includes a file that contains an api_key and a local vault_path. Publishing such credentials (even if fake) is disproportionate and risky because real secrets might be exposed the same way.
Persistence & Privilege
ok: The skill does not request persistent or elevated privileges (always:false, no config paths, no installs). It is not asking to modify other skills or system settings.