Skill v1.0.0
ClawScan security
Genviral Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 12:13 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely matches its stated purpose (a CLI wrapper for the Genviral Partner API) but has coherence issues — most importantly it uses an API key (GENVIRAL_API_KEY) yet the registry metadata does not declare required environment variables, and the included self-update script introduces update/download risk.
- Guidance: This skill appears to do what it says (wrap the Genviral Partner API) but has a few red flags you should address before installing or running it:
  - The SKILL.md and defaults.yaml require GENVIRAL_API_KEY (and optionally GENVIRAL_WORKSPACE_DIR), but the registry metadata claims no required env vars — treat that as a metadata/packaging error. Expect to supply your Genviral API key to use it.
  - Inspect scripts/genviral.sh and scripts/update-skill.sh yourself before running. The updater can fetch and apply remote code; verify where it pulls updates from and whether it performs automatic network operations. If you don't want remote code pulled, do not run the updater, or remove/disable it.
  - Run the skill in a constrained environment (container or isolated user account) the first time so it can only access the files you intend. Monitor network calls, or run it with network access disabled if you only want to inspect its behavior.
  - Back up any important data; the skill writes to workspace/, which the README says is user-owned, but you should confirm this and set the workspace dir to a safe location you control.
  - Confirm that the GitHub homepage/source (https://github.com/fdarkaou/genviral-skill) is legitimate and matches the files you received; prefer installing via a pinned commit, or review the repo history, to reduce supply-chain risk.
  - If you want, I can (a) list the exact files/lines to review in scripts/update-skill.sh and scripts/genviral.sh for network fetches/execution, or (b) help craft safe commands to run the skill in an isolated container for testing.
Review Dimensions
- Purpose & Capability: concern
  - Name and description match the files and commands: this is a Genviral Partner API wrapper and needs bash/curl/jq to call the Partner API. However, the metadata claims 'Required env vars: none' and 'Primary credential: none' while SKILL.md and defaults.yaml clearly reference GENVIRAL_API_KEY (and an optional GENVIRAL_WORKSPACE_DIR). That mismatch is an incoherence the user should be aware of.
- Instruction Scope: note
  - SKILL.md instructs the agent to call the Partner API, generate/upload media, and read/write workspace files (workspace/performance/log.json, hook-tracker.json, etc.) — all consistent with the stated purpose. It also references a vision/image tool for image assessment and requires human visual review as a hard gate. No instructions request unrelated system secrets or arbitrary host files. The one noteworthy instruction-surface risk: the skill includes a self-updater (scripts/update-skill.sh) and the README documents an auto-update flow; that updater could fetch and replace skill code if run.
- Install Mechanism: note
  - There is no formal install spec in the registry (no package downloads at install time), which is low-risk. But the bundle contains scripts (scripts/genviral.sh and scripts/update-skill.sh). The README documents a git clone install and an updater script that can check for and apply updates. If the updater fetches code from the network (likely GitHub), running it transfers execution trust to remote code updates — an expected convenience, but an operational risk if the remote repo is compromised or the updater is run automatically without review.
- Credentials: concern
  - The runtime clearly requires an API key (GENVIRAL_API_KEY) to call the Partner API, and optionally GENVIRAL_WORKSPACE_DIR, but the registry metadata did not declare any required env vars or a primary credential. That discrepancy is significant: the skill will prompt for/use a secret (API key) even though the metadata says none are needed. No other unrelated secrets are requested in the docs.
- Persistence & Privilege: ok
  - always:false (not force-included) and normal autonomous invocation settings. The skill writes only to its own workspace/ directory (declared user-owned in the README). The updater modifies skill-owned files (SKILL.md, scripts, docs) per the README — this is expected for a self-updating skill but is a privilege the user should consciously accept. The skill does not request system-wide config or other skills' credentials.
