Skill v1.0.0

ClawScan security

GitVerse API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 11:08 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a GitVerse CLI as described, but registry metadata and SKILL.md/code disagree about required environment variables and a few configuration details — this mismatch and missing provenance warrant caution before installing.
Guidance
This skill's code matches its description (it calls the GitVerse API and outputs JSON), but the registry metadata failed to declare the required environment variables (GITVERSE_TOKEN, optional GITVERSE_BASE_URL). Before installing: 1) Confirm the skill's source/trustworthiness (the registry lists 'Source: unknown' though README points at gitverse.ru); prefer installing from an official ClawHub entry or a vetted repo. 2) Create a token limited to the minimum scopes needed (do not reuse general-purpose or high-privilege credentials). 3) Review the npm dependency @onreza/gitverse-sdk on npm (and its recent history) if you rely on it. 4) Consider installing/building in an isolated environment or container and verify the CLI behavior with a test token. If you cannot verify the source or token scope, treat this skill as untrusted.

Review Dimensions

Purpose & Capability
concern: The code and documentation implement a GitVerse API client (repos, issues, pulls) consistent with the name/description. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md and runtime code clearly require GITVERSE_TOKEN (and optionally GITVERSE_BASE_URL). That metadata omission is an incoherence the user should be aware of.
Instruction Scope
note: SKILL.md instructs building and running the CLI and setting GITVERSE_TOKEN (or .env). The runtime instructions do not ask the agent to read unrelated system files or exfiltrate data. Two small inconsistencies: SKILL.md/README note the API base URL as https://api.gitverse.ru while the code default is 'https://gitverse.ru/api/v1'; and installation examples hard-code a specific Node path (~/.nvm/versions/node/v22.12.0/...), which is brittle but not malicious.
Install Mechanism
ok: This skill is instruction-only in the registry but includes source and built JS and uses standard npm dependencies (@onreza/gitverse-sdk, commander, dotenv). Dependencies are pulled from the public npm registry (package-lock shows resolved tgz). No obscure download URLs, extract steps, or custom installers were observed.
Credentials
concern: The code requires a secret token (GITVERSE_TOKEN) and accepts an optional GITVERSE_BASE_URL. Those are reasonable for an API client, but the skill metadata omits them. The mismatch means automated permission checks could miss that a secret is required. You should verify what token scopes are needed and avoid reusing broader credentials.
Persistence & Privilege
ok: The skill does not request always: true, does not modify other skills, and has no install-time steps that alter system-wide settings beyond typical npm install/build. It runs as a CLI using the provided token.