Skill v0.2.1
ClawScan security
PPIO Multimodal Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 6:59 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior is largely consistent with a PPIO multimodal client, but the runtime instructions ask the agent to scan user messages for API keys and reference config/env locations that aren't declared in the manifest — and they explicitly encourage pasting API keys into chat, which is a risky pattern.
- Guidance: This skill looks like a normal PPIO client, but be cautious before using it with real API keys. Do not paste your API key into chat messages — the SKILL.md explicitly asks the agent to look for 'sk_' tokens in user messages, which could leak credentials into conversation logs or to third parties. Prefer configuring the key via a local config file (~/.ppio/config.json) or a protected environment variable (PPIO_API_KEY). Note that the skill manifest did not declare these env/config requirements — ask the author to document required env vars and config paths. If you decide to use it, create an API key with minimal scope and billing limits you can tolerate, avoid sharing keys in messages, and rotate/delete the key after testing.
Review Dimensions
- Purpose & Capability (ok): The skill claims to call PPIO multimodal endpoints, and all templates, endpoints, and examples point to https://api.ppio.com and to models consistent with that purpose. Needing an API key is expected for this functionality.
- Instruction Scope (concern): The SKILL.md explicitly instructs the agent to check user messages for API keys (sk_ prefix) and to read ~/.ppio/config.json or PPIO_API_KEY. Asking the agent to parse user messages for keys and to accept keys pasted directly in chat increases the risk of accidental credential exposure or exfiltration. The instruction to always send a progress message prior to calling the API is benign but prescriptive.
- Install Mechanism (ok): Instruction-only skill with no install spec or code to download. This is lowest-risk in terms of disk writes or third-party package installation.
- Credentials (concern): The manifest lists no required env vars or config paths, but SKILL.md relies on PPIO_API_KEY and ~/.ppio/config.json and accepts keys pasted in messages — a mismatch. While the requested secret is appropriate for the stated purpose (an API key), the skill encourages insecure user behavior (pasting keys into chat) and the manifest does not declare these expected environment/config requirements.
- Persistence & Privilege (ok): always:false and default autonomous invocation are used. The skill doesn't request persistent system-wide changes or modify other skills' configs.
