Back to skill
Skillv0.1.3
ClawScan security
modora · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 28, 2026, 4:47 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's required files, environment variables, and runtime instructions match its stated purpose of uploading PDFs and querying a remote MoDora service; the main risk is that you must trust the remote server with your supplied model credentials, which the skill explicitly warns about.
- Guidance
- This skill is internally consistent for its stated purpose. Before installing: (1) only use it if you trust the remote MoDora operator — the skill will transmit your MODORA_USER_API_KEY and related model info to that server; (2) follow the requirement to supply a user-owned settings.json that contains no secrets; (3) you must explicitly opt into remote credential use (--allow-remote-credentials or MODORA_ALLOW_REMOTE_CREDENTIALS=1) to run upload/chat; (4) prefer testing with an ephemeral or scoped API key and confirm the base URL uses HTTPS; (5) if you do not trust the operator, deploy MoDora locally instead or do not use the skill. The code is straightforward and readable; inspect it yourself if you need further assurance.
Review Dimensions
- Purpose & Capability
- okName/description (PDF analysis via remote MoDora) aligns with requested artifacts: python3, scripts for upload/health/wait/chat, and environment variables for base URL, API key, endpoint, and model. The requested env vars are consistent with a design where the remote service uses user-managed model credentials.
- Instruction Scope
- okSKILL.md and the scripts limit actions to: validating a user-owned settings.json (for routing), enforcing absolute file paths, requiring explicit acknowledgement before remote operations, performing health/upload/status/chat calls to the configured MoDora base URL, and refusing to fall back to server defaults. The instructions do not read unrelated files, system state, or other credentials.
- Install Mechanism
- okNo install spec or external downloads; the skill is provided as included Python scripts that run with python3. No remote installers or package downloads are invoked, lowering install-time risk.
- Credentials
- noteThe required env vars (MODORA_BASE_URL, MODORA_USER_API_KEY, MODORA_USER_ENDPOINT, MODORA_USER_MODEL) are consistent with the skill's design, but they are highly sensitive: the scripts send the API key and endpoint to the remote MoDora service (Authorization and X-Modora-Endpoint headers). The SKILL.md warns and requires explicit user acknowledgement, which is appropriate, but users must understand this means their model credentials are transmitted to and used by that remote operator.
- Persistence & Privilege
- okThe skill does not request always:true, does not modify other skills or system-wide configs, and has no install-time persistence beyond the provided scripts. Autonomous invocation is allowed (platform default) but there are no additional privileges requested.