Skill v1.0.0

ClawScan security

Competitor Radar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 3:55 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly does what it claims (fetch RSS, GitHub and Hacker News items and score them), but it ships a hard-coded LLM API key and LLM endpoint and reads an undocumented GITHUB_TOKEN environment variable. Neither is declared in the skill metadata, which is inconsistent with the stated purpose and risky.
Guidance
Do not install or run this skill without review. The code contains a hard-coded LLM API key and a local LLM endpoint (an embedded secret), and it also reads an optional GITHUB_TOKEN environment variable that is not documented. This is suspicious because secrets should never be hard-coded in distributed code; a key shipped inside a published skill is effectively public. Before using:
1. Inspect radar.py and _write_radar.py yourself (or with a developer), remove any embedded API keys, and replace them with values read from environment variables or local config.
2. Supply your own LLM endpoint and key the same way, and confirm the endpoint is one you control or trust.
3. Be aware that the script makes network requests to RSS feeds, api.github.com, hn.algolia.com and the configured LLM endpoint.
4. If you do not control or recognize the embedded key, treat it as compromised and do not pass sensitive data through the skill.
5. Prefer running it in an isolated environment (non-privileged user, network-restricted) until you have sanitized the code.

Review Dimensions

Purpose & Capability
Concern: The stated purpose (monitor blogs, GitHub and Hacker News and produce reports) matches the code's fetching and reporting behavior, and requiring python3 is reasonable. However, the code embeds a hard-coded LLM API key and a local LLM endpoint (http://127.0.0.1:18790) directly in the scripts instead of reading them from a declared or optional environment variable. Embedding a key in the code is disproportionate to the stated purpose and is not documented in SKILL.md or requires.env.
Instruction Scope
Concern: SKILL.md only instructs running radar.py with an optional config and --no-ai, but the runtime code calls external services (GitHub API, hn.algolia.com, blogs) and a local LLM endpoint using a hard-coded API key. The instructions do not mention the LLM endpoint, the embedded API key, or optional environment variables such as GITHUB_TOKEN, so the runtime behavior is under-documented and the skill has more network capability than the instructions disclose.
Install Mechanism
OK: No install spec; the skill is instruction-and-code-only and only requires python3 on PATH. Install risk is low because nothing is downloaded during install.
Credentials
Concern: The declared metadata lists no required environment variables, but the code optionally reads GITHUB_TOKEN and unambiguously contains a hard-coded LLM API key and endpoint in both radar.py and _write_radar.py. Shipping or requiring credentials in code is not proportional: credentials should be optional and supplied via environment variables or config, and any required tokens should be declared in the skill metadata.
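The Guidance steps and the Credentials finding above come down to the same two checks a reviewer would run on radar.py and _write_radar.py before installing: find credential literals and hard-coded loopback endpoints, and compare the environment variables the code reads against what the skill metadata declares; the remedy is a loader that refuses to run without operator-supplied values. The following is an added example, not code from the skill or from ClawHub. The sample radar.py text is constructed to mirror the reported pattern (its key is a fake placeholder; only the port 18790 comes from the report), and the RADAR_LLM_* variable names and the scan_source, undeclared_env_vars and load_llm_config helpers are assumptions for illustration.

```python
import os
import re
from dataclasses import dataclass

# Generic patterns for the two things the scanner flagged: a credential literal assigned
# in source, and a loopback/localhost HTTP endpoint baked into the code.
API_KEY_ASSIGNMENT = re.compile(
    r"""(?i)(api[_-]?key|token|secret)\s*[=:]\s*["']([^"']{16,})["']"""
)
LOOPBACK_ENDPOINT = re.compile(r"""https?://(?:127\.0\.0\.1|localhost)(?::\d+)?[^\s"']*""")
# Matches os.environ["X"], os.environ.get("X") and os.getenv("X")
ENV_READ = re.compile(r"""os\.(?:environ\.get|getenv|environ)\s*[\(\[]\s*["']([A-Z0-9_]+)["']""")

# Constructed stand-in for the reported pattern in radar.py; NOT the skill's real code.
# The key below is a fake placeholder; the port is the one named in the report.
SAMPLE_RADAR_PY = '''import os, json, urllib.request
LLM_ENDPOINT = "http://127.0.0.1:18790/v1/chat/completions"
LLM_API_KEY = "sk-example-0123456789abcdef0123456789"
GITHUB_TOKEN = os.environ.get("GITHUB_TOKEN")
'''
DECLARED_ENV = []  # SKILL.md / requires.env declare no variables, per the report


@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    detail: str


def scan_source(path, text):
    """Return findings for hard-coded credentials and hard-coded loopback endpoints.
    Credential values are truncated so the review output does not re-leak the secret."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = API_KEY_ASSIGNMENT.search(line)
        if m:
            findings.append(Finding(path, n, "hardcoded_credential",
                                    f"{m.group(1)}={m.group(2)[:4]}..."))
        m = LOOPBACK_ENDPOINT.search(line)
        if m:
            findings.append(Finding(path, n, "hardcoded_endpoint", m.group(0)))
    return findings


def undeclared_env_vars(text, declared):
    """Environment variables the code reads that the skill metadata never declares."""
    return sorted(set(ENV_READ.findall(text)) - set(declared))


def load_llm_config(env=os.environ):
    """Hardened replacement for the embedded key: endpoint and key must both be supplied
    by the operator, and the endpoint must be HTTPS or loopback. Variable names are assumed."""
    key = env.get("RADAR_LLM_API_KEY")
    endpoint = env.get("RADAR_LLM_ENDPOINT")
    if not key or not endpoint:
        raise RuntimeError("set RADAR_LLM_API_KEY and RADAR_LLM_ENDPOINT; no embedded default")
    if not endpoint.startswith(("https://", "http://127.0.0.1", "http://localhost")):
        raise RuntimeError("LLM endpoint must be HTTPS or loopback, got %r" % endpoint)
    return {"api_key": key, "endpoint": endpoint}


if __name__ == "__main__":
    for f in scan_source("radar.py", SAMPLE_RADAR_PY):
        print(f"{f.path}:{f.line_no} {f.kind} {f.detail}")
    print("undeclared env vars:", undeclared_env_vars(SAMPLE_RADAR_PY, DECLARED_ENV))
```

Run the scanner part over the real radar.py and _write_radar.py contents instead of the constructed sample; any hardcoded_credential hit is the embedded key the report describes, and any name returned by undeclared_env_vars is what should be added to the skill metadata. The loader deliberately has no fallback to a baked-in endpoint or key, so a sanitized copy fails closed rather than silently using a value someone else controls.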
Persistence & Privilege
OK: The always flag is false, and there are no install hooks or modifications to other skills or system-wide settings. The skill can be invoked by the agent autonomously (the default), which is expected for skills; that alone is not a concern here.