Skillv0.3.0

ClawScan security

DevTool Answer Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 23, 2026, 7:37 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (monitoring LLM answers about developer tools) is coherent with the code and required tools, but there are metadata/instruction mismatches and a small risk that an agent could ask for or be given API credentials unnecessarily — review scripts and env var handling before running.
Guidance: This repository-backed skill appears to do what it says (monitor and score LLM answers). Before installing or running anything: (1) Prefer the zero-install demo (docs/index.html) to inspect outputs without running code. (2) Do NOT paste API keys into chat; if you need API-collection mode, set OPENAI_API_KEY and OPENAI_BASE_URL as local environment variables on a machine you control. (3) Inspect install.sh, quickstart.sh, run_monitor.py and run_chat_completions.py to understand what network calls and packages will be executed/installed. (4) Note the manifest vs SKILL.md mismatch: registry metadata lists OPENAI_API_KEY/OPENAI_BASE_URL as required while SKILL.md marks them optional — that can cause the agent to request secrets unnecessarily. (5) Run installs in an isolated environment (container or VM) if you plan to execute scripts, and restrict network access if you are unsure. If you want, paste any of the specific scripts here and I can review them for network calls or suspicious behavior before you run them.

Review Dimensions

Purpose & Capability: noteThe skill is clearly for collecting and analyzing LLM answers about developer tools; requiring python3, bash, and an OpenAI-compatible API key/gateway is appropriate for the API-collection mode. However, registry metadata lists OPENAI_API_KEY and OPENAI_BASE_URL as required while the SKILL.md marks them optional (API collection mode only). That mismatch is inconsistent and may cause the agent to ask for secrets even when only read-only demo/manual modes are needed.
Instruction Scope: okSKILL.md positions the root skill as a read-only workflow router (allowed-tools: Read) and explicitly recommends quickstart (zero-API) or manual-paste modes and warns not to paste API keys into chat. It also tells users to review local scripts before executing them. The instructions stay within the stated purpose, but they point to executable scripts (install.sh, quickstart.sh, run_monitor.py, run_chat_completions.py) that, if run, will access network/APIs — which is expected but requires user attention.
Install Mechanism: noteThere is no automated install spec in the skill metadata (instruction-only), which lowers automated install risk. The repo nevertheless includes install.sh, quickstart.sh, and many runner scripts that create virtualenvs and install dependencies. These are from the public repo and hosted artifacts (GitHub/jsDelivr) — not an arbitrary remote download — but if you run them they will write to disk and install packages. Review install.sh and requirements.txt before running.
Credentials: concernRequesting an OpenAI-compatible API key (OPENAI_API_KEY) and an OpenAI gateway URL (OPENAI_BASE_URL) is proportionate for API collection mode. The concern is a metadata/instruction mismatch: registry-level required env vars list both as required, while SKILL.md marks them optional and says API key is only needed for API collection mode. That discrepancy could lead the agent to prompt for secrets when they are not necessary for quickstart/manual modes. PrimaryEnv is set to OPENAI_API_KEY which increases the chance an agent will treat that secret as central.
Persistence & Privilege: okalways:false and user-invocable:true. The skill does not request permanent/always-on inclusion and does not modify other skills' configurations. Autonomous invocation is allowed (default) but that is platform normal; there is no unusual privilege requested by the manifest.