Skill v0.1.0

ClawScan security

Scry · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 2:41 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
Scry is a research aggregator whose code and runtime instructions match its description; it reads local config/env for optional API keys and runs a local Python script to fetch public data from many sources — nothing in the package appears to be covert or obviously malicious, but it will access local config and environment variables and run network requests, so review any keys you store before use.
Guidance
This skill is a local research aggregator and appears coherent with its description, but it will:
(1) run the included Python script (scripts/scry.py), which performs many network requests;
(2) probe your environment and config files for optional API keys and binaries;
(3) write a cache to ~/.cache/scry and may read ~/.config/scry/.env or ~/.config/last30days/.env.
Before installing or running:
(A) inspect scripts/scry.py (full contents) to confirm it does not unexpectedly output secrets;
(B) avoid storing sensitive credentials in your shell environment or ~/.config/scry/.env if you do not want them used;
(C) run the skill in an isolated environment (container or throwaway account) if you need to be conservative.
If you want, I can scan scripts/scry.py (the orchestrator) for any places that might print or transmit environment values or other surprises; provide the file and I'll review it line-by-line.

Review Dimensions

Purpose & Capability
ok · The name and description (multi-source research) align with the included modules and SKILL.md. The repository contains source modules for the many sites listed (GitHub, Reddit, X, YouTube, ArXiv, SEC EDGAR, etc.), scoring/deduplication pipelines, and a CLI orchestrator. The requested binaries/tokens are optional and match optional sources (yt-dlp for YouTube, X/Twitter cookies/tokens for X, SCRAPECREATORS_API_KEY for TikTok/Instagram, HF_TOKEN for HuggingFace, etc.).
Instruction Scope
note · The runtime instructions explicitly tell the agent to locate and execute scripts/scry.py (foreground, 5-minute timeout) and to read the entire output. The SKILL.md also instructs the agent to "discover available API keys and binaries." The code supports that: env.py reads ~/.config/scry/.env and environment variables and probes for binaries. This is coherent with enabling optional source access, but it does mean the script will enumerate local config and env keys when run.
Install Mechanism
ok · No install spec is provided (no external downloads or installers). The skill is shipped with Python code (and vendored JavaScript for the X client). Running it executes the included scripts; nothing in the package attempts to fetch arbitrary install artifacts at runtime. This is the lower-risk pattern for skill distribution, but note that executing the bundled code runs network calls.
Credentials
note · The skill does not declare required env vars in the registry metadata, but its code reads a broad set of environment variables and config files (OPENAI_API_KEY, XAI_API_KEY, AUTH_TOKEN, CT0, THREADS_ACCESS_TOKEN, SCRAPECREATORS_API_KEY, HF_TOKEN, PRODUCTHUNT_TOKEN, SO_API_KEY, etc.) and will use them if present. This is proportionate to offering optional access to additional sources, but it means any tokens present in your environment or in ~/.config/scry/.env (or the compatibility path ~/.config/last30days/.env) could be accessed and used by the script. If you have sensitive keys in your environment, consider running the skill in a controlled environment or removing/isolating those keys.
Persistence & Privilege
ok · The skill does not request always:true and does not alter other skills. It writes a cache to ~/.cache/scry and can read/write ~/.config/scry/.env per README guidance; those are reasonable for a local research tool. It does not request system-wide privileges beyond normal file I/O in user directories.