Skill v1.0.0
ClawScan security
Felo Web Extract · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 11:20 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (calling Felo's web-extract API), but the registry metadata omits the required API credential and the package/source provenance is unclear; this mismatch is worth attention before installing.
- Guidance: This skill appears to do what it says (POST to openapi.felo.ai to extract page content), but the manifest failed to declare the required FELO_API_KEY. Before installing or running: (1) confirm you are comfortable supplying your Felo API key (ensure the key's scope/permissions are appropriate); (2) verify the provider (openapi.felo.ai / felo.ai) and that the key will only be sent to that endpoint; (3) be aware the included Node script will make network requests using whatever FELO_API_KEY is present in the environment, so avoid exposing broader credentials; (4) because the skill source/homepage is listed as unknown, prefer obtaining the tool directly from a trusted Felo release or the vendor if available. If you need higher assurance, request that the skill manifest be updated to declare FELO_API_KEY explicitly and provide publisher/homepage provenance.
Review Dimensions
- Purpose & Capability (note): Name, description, README, SKILL.md, and the included Node script all consistently implement a web-extraction client for the Felo API. However, the skill's registry metadata claims 'Required env vars: none' while the runtime explicitly requires FELO_API_KEY (and optionally FELO_API_BASE). That metadata omission is an incoherence.
- Instruction Scope (ok): Runtime instructions and the script only perform an HTTP POST to the Felo API, accept user-supplied URL and selector options, and print returned content. The skill does not read arbitrary local files or other credentials, and does not call unexpected external endpoints beyond the documented openapi.felo.ai endpoint (the FELO_API_BASE override is documented).
- Install Mechanism (ok): There is no install spec (instruction-only style) and the included script is plain JavaScript (no obfuscation). No downloads from untrusted URLs or archive extraction are present. The script will run locally if executed, but nothing in the repository attempts to install additional packages automatically.
- Credentials (concern): The runtime requires an API key (FELO_API_KEY) to authenticate with the Felo service, which is proportionate to the skill's purpose. The concern is that this required credential is not declared in the registry metadata (the manifest lists 'none'), creating a mismatch: users or systems that rely on the manifest might not realize an API key is necessary or might supply it incorrectly. No other unrelated secrets are requested.
- Persistence & Privilege (ok): The skill is not set to 'always' and does not request persistent system-wide privileges. It does not modify other skills or system configs. Autonomous invocation is allowed by default (platform normal) but is not combined with other privilege escalations.
