Skill v0.1.5
ClawScan security
Fizzread · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 6:20 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose and requested permission are plausible for a book-summary connector, but the runtime instructions contain inconsistent and potentially risky guidance around API key handling (echoing/remembering user keys), so proceed with caution.
- Guidance: This skill appears to do what it says (call a FizzRead API using curl), but the runtime instructions around API key handling are inconsistent and could expose secrets. Before installing or using: (1) prefer setting FIZZREAD_API_KEY as an environment variable on your machine rather than pasting any private or production key into the chat; (2) avoid running commands that print secrets (the SKILL.md suggests echoing the API key — that will output the key into logs/conversation); (3) be cautious about typing/pasting any sensitive key into the conversation because the skill explicitly tells the agent to 'remember' it for the session; (4) test with the bundled demo key first; (5) if you plan to use a real key, confirm how the agent stores conversation history and whether those logs are accessible. Finally, note the documentation inconsistency (demo-key fallback vs. example curl using $FIZZREAD_API_KEY) — ask the skill author to clarify the exact key-resolution behavior and remove any instruction that prints or persists secrets to chat logs.
Review Dimensions
- Purpose & Capability (ok): Name/description (book summaries + audio previews) match the declared requirements: a single API key (FIZZREAD_API_KEY) and curl are sufficient for the described HTTP-based functionality. No unrelated services or binaries are requested.
- Instruction Scope (concern): Instructions are mostly limited to making authenticated curl requests to skill.fizzread.ai and parsing responses (in-scope). However, there are notable inconsistencies and risky instructions: (1) the SKILL.md states a fallback to a bundled demo key if the env var is unset, but most example curl commands use $FIZZREAD_API_KEY directly (which would be empty if unset), creating contradictory behavior; (2) the guide tells the agent to run `echo "$FIZZREAD_API_KEY"` which will print the secret into command output (potentially exposing it in logs/conversation); (3) it asks the agent to 'remember' user-provided keys for the session and to substitute them directly into headers — this encourages storing secrets in the agent's conversational memory, which may be logged or retained; (4) the prescribed URL-encoding guidance is simplistic (replace spaces with %20) and may give a false sense of protection against shell injection if not implemented correctly.
- Install Mechanism (ok): Instruction-only skill with no install spec and a minimal binary requirement (curl). Low install surface — nothing is downloaded or written to disk by the skill itself.
- Credentials (note): The skill requests a single environment variable (FIZZREAD_API_KEY), which is proportionate. However, the SKILL.md encourages users to paste keys into the conversation and instructs the agent to echo and remember keys in-session — practices that increase the risk of accidental leakage. The included demo key is public and fine for testing but offers no confidentiality guarantees.
- Persistence & Privilege (ok): The skill does not request always:true, has no install routine, and does not modify other skills or system-wide settings. It retains only in-session memory of user-provided keys per its instructions (not a platform-level persistent privilege), which is a design choice but should be treated carefully.
