Skill v1.0.0
ClawScan security
Kiro Creator Monitor Daily Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 21, 2026, 9:55 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code matches its stated monitoring/delivery purpose, but the registry metadata claims many required secrets (SMTP, Slack, Telegram) even though delivery is optional in the code and config — this mismatch is unnecessary and worth caution.
- Guidance
- This skill appears to do what it says: gather signals and optionally post a daily brief. However, the registry metadata incorrectly marks delivery credentials (Telegram token, Slack webhook, SMTP user/pass) as required even though delivery is optional in the code and examples. Before installing: (1) do not populate or expose broad secrets unless you intend to enable that delivery channel; prefer creating channel-specific tokens with minimal scope; (2) inspect the full daily_brief.py (especially the delivery functions) to confirm endpoints are only official Telegram/Slack/email and that no unexpected hosts are contacted; (3) run the script in a controlled environment (or with delivery disabled) to validate behavior; (4) if you already provided credentials and want to be cautious, rotate those credentials after testing. The metadata inconsistency is not proof of malicious intent, but it is a red flag you should resolve before trusting persistent secrets to the skill.
Review Dimensions
- Purpose & Capability
- ok: Name/description (monitor X/RSS/GitHub/Reddit and optionally deliver via Telegram/Slack/email) align with the included Python scripts and example config. Required binary (python3) and primary credential (X_BEARER_TOKEN) are reasonable for the stated purpose.
- Instruction Scope
- ok: SKILL.md instructs running the included scripts with a JSON config and optionally delivering results. The instructions and code only access the listed APIs/endpoints (api.x.com, api.github.com, reddit, RSS feeds) and optional delivery endpoints; there are no instructions to read unrelated system files or send data to unknown hosts.
- Install Mechanism
- ok: There is no install spec that downloads/executes third-party binaries or archives. The skill is instruction-plus-scripts only, so nothing is fetched from arbitrary URLs during install.
- Credentials
- concern: Registry metadata lists many required environment variables (TELEGRAM_BOT_TOKEN, SMTP_PASS, SLACK_WEBHOOK_URL, etc.) despite the SKILL.md and examples showing delivery channels are optional and disabled by default. The install helper even marks these as OPTIONAL_ENVS. Declaring all secrets as required in metadata is disproportionate and inconsistent with the code.
- Persistence & Privilege
- ok: The skill does not request always:true and does not modify other skills or system-wide settings. install_and_init writes config/template files to a user-scoped workspace path, which is expected behavior.
