Skill v1.1.0

ClawScan security

ask-ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 6, 2026, 2:24 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (consult external AI assistants) matches its instructions, but the runtime instructions are vague about what data is sent, include an automatic 'Trust Mode' that can send user data without consent, and reference third-party endpoints without safeguards—raising privacy and exfiltration concerns.
Guidance
This skill will send your prompts and problem details to external websites (ChatGPT/Claude/Gemini/DeepSeek). By default it asks first, but Trust Mode will do this automatically. Before installing, consider: (1) Do you consent to sending potentially sensitive data to third parties? (2) Are the listed URLs official and trustworthy (DeepSeek is unfamiliar)? (3) Prefer Ask Mode and disable Trust Mode to preserve consent. If you must use Trust Mode, add explicit redaction rules (avoid sending secrets, PII, or files) or require API-based integrations that you control. If you cannot verify the endpoints or enforce data handling rules, do not enable this skill.
Findings
[no-findings] expected: Regex scanner found nothing; this is expected because the skill is instruction-only (no code files) so there was nothing to analyze.

Review Dimensions

Purpose & Capability
ok: The name and description say the agent will consult external AI assistants; the SKILL.md only instructs the agent to 'open' those assistants and relay answers. There are no unrelated environment or install requirements, so the requested capabilities align with the stated purpose.
Instruction Scope
concern: Instructions repeatedly direct the agent to 'open' external AI assistants and relay user problems but provide no constraints on what to send (no sanitization, redaction, or consent flow beyond Ask Mode). Trust Mode allows automatic queries without user confirmation. The behavior could cause sensitive user data to be sent to third-party websites; 'open' is ambiguous about how the agent transmits content (web UI, automated API, clipboard), increasing risk.
Install Mechanism
ok: Instruction-only skill with no install spec or code files; nothing is written to disk and there is no package installation risk.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. There are no obvious requests for unrelated secrets or system access.
Persistence & Privilege
concern: always:false and user-invocable:true (normal). However, the Trust Mode enables autonomous queries to external services, which combined with the vague instructions creates a data-exfiltration vector if the agent is allowed to act without user supervision.