Skill v1.0.3

ClawScan security

karakeep-sh · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 15, 2026, 6:24 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill appears to implement a simple bookmark REST client, but its metadata omits required credentials/binaries and there are small but important mismatches between instructions and code.
Guidance
This skill's code is a straightforward shell client that requires two environment variables (KARAKEEP_SERVER_URL and KARAKEEP_API_KEY) and the jq utility, but the registry metadata does not declare them — that mismatch is the main concern. Before installing: (1) confirm you trust the skill owner (source unknown); (2) do not export your API key globally if you don't trust the skill — consider using a throwaway account or scoped key; (3) inspect the script (it is included) and prefer sourcing it in a constrained shell or running it from an isolated environment; (4) note that SKILL.md asks the agent to confirm before deletes but the kb-delete function issues DELETE immediately — instruct the agent to always prompt the user before running kb-delete; and (5) ask the publisher to update registry metadata to declare required env vars and binaries. If you need stronger assurance, request a signed/source-linked release or run the script in a sandbox first.

Review Dimensions

Purpose & Capability
Rating: concern
The skill's purpose (Karakeep REST bookmark manager) matches what the script does (calls a user-provided Karakeep API), but the registry metadata declares no required environment variables or primary credential while the script clearly requires KARAKEEP_SERVER_URL and KARAKEEP_API_KEY. That omission is incoherent with the stated purpose.
Instruction Scope
Rating: note
SKILL.md instructs the agent to require KARAKEEP_SERVER_URL and KARAKEEP_API_KEY and to always ask the user for confirmation before deletes; the script does check the env vars, but the kb-delete function performs the DELETE immediately (no interactive confirmation). Otherwise the SKILL.md operations map closely to script functions and are within the scope of a bookmark client.
Install Mechanism
Rating: ok
This is an instruction-only skill with a single shell script and no install spec, so nothing is downloaded or installed automatically. That minimizes install risk.
Credentials
Rating: concern
The skill requires a service URL and an API key (sensitive credential) to operate, but the registry metadata lists no required env vars and no primary credential. Additionally, the script assumes availability of jq and curl but the metadata lists no required binaries. Requiring an API key is proportional to the purpose, but failing to declare it in metadata is a red flag.
Persistence & Privilege
Rating: ok
The skill does not request persistent/always-on privileges, does not modify other skills, and runs only when invoked. It executes network calls to the user-provided API endpoint only, which matches its purpose.