Skill v1.0.0

ClawScan security

Genviral · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 3, 2026, 12:13 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly matches its stated purpose (a Partner-API wrapper) but has important inconsistencies and modest risks you should review before installing (missing declared API env var and a self-update script that can fetch/replace code).
Guidance
This skill is an API wrapper for the Genviral Partner API and is largely coherent with that purpose, but do the following before installing or running it:
1) Inspect scripts/genviral.sh and scripts/update-skill.sh yourself (they can make network calls and the updater can replace code). Don't run the updater until you verify its behavior.
2) Expect to set GENVIRAL_API_KEY in your environment; the SKILL.md assumes it but the registry metadata does not declare it.
3) Confirm how your Genviral account and connected BYO accounts are authorized (the skill uses the Partner API; it shouldn't ask for unrelated credentials).
4) If you want a human review step enforced, ensure your agent configuration prevents autonomous runs for posting (the skill is allowed to be invoked autonomously by default).
5) If you are uncertain, run the skill in an isolated/test workspace first and verify that no unexpected network endpoints are contacted and that update-skill.sh only pulls from the official GitHub repo and does what you expect.

Review Dimensions

Purpose & Capability
Rating: concern
The skill's name/description align with the files and commands (API wrapper for the Genviral Partner API). However, the runtime docs repeatedly refer to a required API key (GENVIRAL_API_KEY) and an optional GENVIRAL_WORKSPACE_DIR, yet the registry metadata lists no required environment variables or primary credential. That mismatch (declaring no credentials while the instructions require GENVIRAL_API_KEY) is an incoherence that should be resolved before trusting the skill.
Instruction Scope
Rating: note
SKILL.md instructs the agent to call many API endpoints, generate and upload media, and read/append workspace files (workspace/performance/log.json, hook-tracker.json, workspace/context/*). Those actions are coherent with a posting/analytics skill. A couple of noteworthy items: the docs reference an image/vision assessment step (an abstract 'image(...)' vision call), which implies use of an image analysis tool (an agent capability or an external API) that is not spelled out; and the workflow emphasizes mandatory visual review gates, but an agent could be run autonomously, so confirm human-in-the-loop safeguards if you need them.
Install Mechanism
Rating: note
There is no install spec (instruction-only at registry level), which is low-risk in itself. However, the package includes a non-trivial shell CLI (scripts/genviral.sh, ~138KB) and a self-updater (scripts/update-skill.sh). The README documents a self-update feature that fetches updates from the upstream repo; running that updater (or the agent running it) can pull and replace skill files from the internet, so inspect update-skill.sh before executing it and avoid running it unattended. The repo/homepage is GitHub (a standard host), which reduces but does not eliminate risk.
Credentials
Rating: concern
The skill's operation clearly requires a Genviral API key (GENVIRAL_API_KEY is referenced across README, defaults.yaml, and docs), and an optional GENVIRAL_WORKSPACE_DIR override. Yet the registry metadata lists no required env vars or primary credential. That omission is a material inconsistency: the skill will not function without an API key, and the agent will attempt to read environment variables that are not declared. No unrelated secrets (AWS, OAuth tokens for other services) are requested, which is appropriate, but the missing declaration of the main credential is problematic for permission reviews and automated guards.
Persistence & Privilege
Rating: ok
The skill does not request 'always: true' and does not declare system-wide privileges. It writes only to its own workspace/ directory (documented as user-owned and preserved across updates). The self-updater edits skill-owned files (also documented) and is not configured to run automatically by default. This level of persistence is reasonable for a CLI-style skill that maintains local state.