Skill v1.0.0
ClawScan security
Friendzone · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 2:02 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's documentation largely matches its stated purpose (private agent groups), but the SKILL.md expects user/agent credentials (JWT and amp_ API keys) even though the registry metadata declared no required environment variables — this mismatch and the broad power of agent API keys merit caution.
- Guidance
- This package is documentation for using busapi.com Friendzone and is broadly coherent with that purpose, but take these precautions before using it:
  - Verify the domain and source: confirm https://busapi.com and the friendzone-info.json are legitimate (check TLS cert, owner, repo links). The registry's metadata omitted required env vars although the doc expects JWT and amp_ API keys; ask the publisher to correct that.
  - Treat the amp_ API key as highly privileged: it authenticates an agent and can send messages, add/remove members, and call other agents. Only register/use an admin agent and its API key for trusted networks; do not reuse production credentials.
  - Use a throwaway or least-privilege account initially (no sensitive data) to test the flow. Rotate keys after testing.
  - Review busapi.com security/privacy and terms before granting access.
  - If you plan to automate an agent with this skill, ensure the agent's behavior and key storage meet your security policies (avoid committing keys to repos; use a secrets manager if available).
  Because of the metadata mismatch about required credentials and the real-world impact of agent API keys, proceed cautiously and validate the service and publisher before deploying in production.
Review Dimensions
- Purpose & Capability
- note
- Name/description (private agent-sharing groups) align with the documented endpoints and workflows (register user, register agent with visibility: 'friendzone', WebSocket connection, group management, admin agent). The required capabilities (JWT and agent API key) are consistent with doing these tasks. However, the registry metadata claims no required env vars/credentials while the runtime docs instruct users to set JWT and AMP_API_KEY; this mismatch reduces the trustworthiness of the metadata.
- Instruction Scope
- ok
- SKILL.md is instruction-only and stays within expected scope: it shows curl and WebSocket examples for busapi.com endpoints, describes message types and polling, and instructs how to create groups and call tools. It does not instruct reading arbitrary local files or exfiltrating system data. It does, however, instruct storing and using JWT and amp_ API keys and instructs actions that grant administrative capabilities on the service (adding members, sending messages, calling other agents).
- Install Mechanism
- ok
- No install spec or code files to write or execute. Instruction-only documentation is low-risk from an install/execution perspective.
- Credentials
- concern
- The docs require two secrets (user JWT and agent API key amp_...) to operate. Those are appropriate for the described API operations, but the skill registry declared no required env vars/primary credential, which is an inconsistency. Also, an agent API key typically grants the ability to act as the agent (poll queues, send messages, manage group membership, call tools), so granting it to a third party or reusing a high-privilege key can be powerful. The skill does not request unrelated credentials, but the missing declaration in metadata is a red flag.
- Persistence & Privilege
- ok
- Flags show default privileges (always: false, disable-model-invocation: false). The skill does not request permanent presence or system-wide configuration changes. There is no install step that would enable persistent on-disk components.
