ClawHub
Back to skill
v1.0.0

Pain Point Finder

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:05 AM.

Analysis

This appears to be a coherent Reddit research tool, with the main considerations being its PullPush network queries, user-supplied scan-file input, and minor provenance/version metadata inconsistencies.

GuidanceBefore installing, confirm you are comfortable sending Reddit research queries to PullPush and only pass intended scan output files to the deep-dive command; the artifacts do not show credential use, hidden persistence, or destructive behavior.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Powered by PullPush API — no API keys needed. ... node {baseDir}/scripts/pain-points.mjs deep-dive --from-scan <scan_output.json> --top 5

The skill explicitly uses an external API and can read a caller-provided scan JSON path for follow-up analysis; this is aligned with its Reddit research purpose but is still worth user awareness.

User impactYour search topic, subreddit choices, and post identifiers may be sent to PullPush, and the tool can read whichever scan JSON path is provided.
RecommendationUse only generated scan-result files with --from-scan, avoid passing sensitive local files, and do not include private information in search terms.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceMediumStatusNote
metadata
Source: unknown; Homepage: none; Version: 1.0.0

The registry metadata lacks an external source/homepage and reports version 1.0.0, while included package metadata reports 2.0.0, creating a provenance/version consistency note.

User impactIt may be harder to independently verify the package origin or confirm which release is being reviewed.
RecommendationReview the included files before installing and prefer releases with consistent version metadata and a verifiable source repository.