Skillv1.0.0

ClawScan security

Model Healthcheck · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 22, 2026, 10:35 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's actions mostly match its purpose (it reads configured models and spawns test sessions), but it implicitly reads gateway config and will exercise configured provider credentials (possibly causing concurrent API calls, charges, or rate-limit issues) without declaring or warning about that — this mismatch and lack of safeguards is concerning.
Guidance: This skill will read your agent's gateway config to find every configured provider/model and then spawn concurrent test sessions that use those providers' credentials. Before installing or running it, consider: (1) it may trigger real API calls that incur usage charges and hit provider rate limits; (2) it runs tests concurrently with no built-in throttling or confirmation; (3) it implicitly uses stored provider credentials though none are declared; (4) the SKILL.md doesn't ask the user to confirm testing all models or long-running batches. Recommended precautions: only run the skill on a subset of models first (or request the skill be modified to ask for confirmation), add concurrency limits or sequential mode, ensure you understand provider billing/quota, and verify you are comfortable the agent can read gateway config and use those credentials. If the author can provide an explicit note that the skill will use configured provider credentials and add safety controls (confirm, throttling, per-model testing), my confidence in its coherence would increase.

Review Dimensions

Purpose & Capability: okThe name/description (test all configured models) align with the instructions: read configured models and spawn short test sessions for each provider/model. The required resources (none declared) are plausible because the skill is instruction-only and uses the agent's gateway/config and session APIs.
Instruction Scope: concernThe SKILL.md explicitly tells the agent to call 'gateway config.get' to enumerate models and to call 'sessions_spawn' concurrently for every model. Reading the agent gateway config and spawning authenticated sessions is within the nominal goal, but the instructions give broad discretion (concurrent, multi-spawn) and do not require user confirmation, rate-limiting, cost-awareness, or limits on concurrency. It also assumes access to provider credentials in the gateway config without documenting that fact.
Install Mechanism: okNo install spec and no code files — instruction-only. This has low install risk because nothing is downloaded or written to disk.
Credentials: concernThe skill declares no required environment variables, but it instructs reading gateway config and using configured provider/model IDs. That implicitly uses whatever provider credentials are stored in the agent configuration. The implicit access to provider credentials (and the ability to cause API calls and potential charges) is not declared or explained, which is disproportionate to the 'no env needed' claim.
Persistence & Privilege: okalways is false and the skill is user-invocable. There is no install, no writes to other skills' configs, and no request for permanent presence. Normal invocation privileges only.