Skill v0.0.5
ClawScan security
UniFuncs Deep Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 27, 2026, 5:45 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match a deep-search client that sends queries to api.unifuncs.com, but the registry metadata omits the required UNIFUNCS_API_KEY and there are features (push-to-share / set-public, stream file writing) that could unintentionally expose data — proceed with caution.
- Guidance: This skill appears to be a legitimate client for UniFuncs Deep Search, but the package metadata fails to declare the required UNIFUNCS_API_KEY — the SKILL.md and the bundled scripts do expect that API key. Before installing: (1) avoid sending passwords, secrets, or personally-identifiable data as query text (the queries and results are sent to a third-party API and may be published if options like push-to-share / set-public are used); (2) verify the publisher/source (there's no homepage or repository linked); (3) confirm you are comfortable storing/using an external API key and that the key has limited scope and revocation ability; (4) ask the publisher to update the manifest to declare UNIFUNCS_API_KEY as a required credential; and (5) if in doubt, inspect the included Python files (they are bundled) and test with non-sensitive queries first.
Review Dimensions
- Purpose & Capability
  - note: The name/description, SKILL.md, and included Python scripts are coherent: they implement a UniFuncs Deep Search client that calls https://api.unifuncs.com/deepsearch/* endpoints. That capability matches the stated purpose. However, the skill package metadata declares no required environment variables or primary credential while both SKILL.md and the code require an API key (UNIFUNCS_API_KEY). The missing declaration in the registry metadata is an inconsistency and reduces trust.
- Instruction Scope
  - note: SKILL.md instructs the agent to run the bundled Python scripts and to set UNIFUNCS_API_KEY; the scripts perform only network calls to the UniFuncs API, stream output to temp or user-specified files, and print results. These actions are within the stated 'deep search' scope. Two points to watch: (1) options like --push-to-share and --set-public can publish results to the service's share space, and (2) streaming writes/reads stream-file contents to disk (temp or user-specified paths). Both behaviors can expose query contents if the user provides sensitive data.
- Install Mechanism
  - ok: No install spec is present (instruction-only with included scripts). That is lower risk because nothing is downloaded or executed from an external arbitrary URL on install. The code itself is bundled and uses only the Python standard library (urllib, tempfile, etc.).
- Credentials
  - concern: The code and SKILL.md require a UNIFUNCS_API_KEY, but registry metadata lists no required env vars or primary credential — this mismatch is a notable red flag. Aside from that API key, no other credentials are requested. Because queries (and any sensitive content included in them) will be transmitted to a third-party API, the API key should be declared by the publisher, and users should ensure the key has appropriate scope/limits.
- Persistence & Privilege
  - ok: The skill is not marked always:true and does not request permanent system privileges. It writes ephemeral stream files to temp or user-specified paths and does not modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.
