Skill v1.0.0

ClawScan security

Felo LiveDoc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Mar 13, 2026, 11:29 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match the claimed LiveDoc functionality, but the package metadata omits required environment and runtime requirements (FELO_API_KEY and Node), and the skill executes a bundled Node script that will contact an external API and can upload files — this mismatch and the execution behavior warrant caution.
Guidance
What to consider before installing:

- Metadata mismatch: the registry metadata claims no required env vars or binaries, but SKILL.md and the included script require FELO_API_KEY and the node runtime. Treat that as a red flag — the package declarations should be corrected.
- Execution behavior: installing/using this skill will run a bundled Node script that contacts https://openapi.felo.ai (or FELO_API_BASE if overridden) and can upload files or send text you provide. Only use it with non-sensitive test data until you trust the service and code.
- Verify the API key: create a scoped or revocable FELO API key if possible. Avoid using long-lived, highly-privileged keys. Be prepared to revoke the key if you see unexpected activity.
- Inspect the code locally: the full script is included in the package. Review scripts/run_livedoc.mjs yourself (or with someone you trust) before running it in your environment.
- Runtime requirements: ensure Node is installed and that running the script from the skill path is acceptable in your environment. The package should declare 'node' as a required binary; its absence from the metadata is an oversight.
- Network and file risk: the skill will upload any files you direct it to and post content to the remote API. Do not upload secrets, credentials, or private files unless you trust the remote endpoint and have validated the code.

If you want to proceed: fix or confirm the missing metadata (declare FELO_API_KEY and node), create a limited test API key, run the script locally to observe its behavior, and monitor network/API usage for unexpected calls.

Review Dimensions

Purpose & Capability
Concern: The skill's name, README, SKILL.md, and the included script all implement Felo LiveDoc CRUD, resource uploads, and semantic retrieval against the Felo API — that aligns with the stated purpose. However, the registry metadata declares 'Required env vars: none' and 'Required binaries: none' while the SKILL.md and script clearly require FELO_API_KEY and execution via 'node'. The missing declarations are an inconsistency.
Instruction Scope
Note: SKILL.md explicitly instructs the agent/user to run the included Node script via the Bash tool (node ~/.agents/skills/felo-livedoc/scripts/run_livedoc.mjs). The script performs network requests to the Felo API (default base https://openapi.felo.ai), accepts file paths for upload (reads files provided by the user), and can send user-supplied content. It does not appear to read unrelated system files or other credentials, but it will transmit data (including uploaded files and text) to the external API.
Install Mechanism
Concern: No install spec is provided (instruction-only), which is low risk in itself. But the instructions assume Node is available and that the included script is executed from the skill folder. The package metadata did not declare Node as a required binary. Because the skill bundles executable code that will be run, the absence of an explicit runtime requirement in the registry metadata is an incoherence to be aware of.
Credentials
Concern: The skill requires FELO_API_KEY (and optionally FELO_API_BASE) for API access, which is proportionate to its purpose. However, the registry metadata incorrectly lists 'Required env vars: none' and 'Primary credential: none' despite the SKILL.md and script demanding FELO_API_KEY. This mismatch should be resolved before trusting installation. No other unrelated secrets are requested.
Persistence & Privilege
OK: The skill is not always-enabled and is user-invocable; it does not request elevated or persistent privileges. It does include a script that will run when invoked and makes outbound network calls, but it does not modify other skills or system-wide agent settings.