ClawScan security
Notes Reminders · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 1:07 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions expect Node scripts and channel posting (looks like Slack) but the package provides no scripts, no Node requirement, and requests no credentials. These mismatches make the skill incoherent and risky to install as-is.
- Guidance: Do not install this skill as-is. The SKILL.md expects Node scripts (scripts/notes.js, scripts/reminders.js) that are not included and describes sending reminder messages to a channel ID without declaring any API/token requirements. Ask the publisher for the full source (the scripts), an explanation of which messaging service the channel ID refers to, and which environment variables (e.g., SLACK_BOT_TOKEN) are required. Verify the scripts' contents before running them. If you need this functionality, prefer a skill that includes code or a hosted integration with clear auth instructions. If you must test, run in a strict sandbox and do not provide production credentials until you have reviewed the code.
Review Dimensions
- Purpose & Capability: concern. The skill claims to manage notes and reminders, which plausibly requires local scripts and a way to post reminder messages to a channel. However, the registry lists no code files and no required environment variables or binaries. The SKILL.md's metadata references scripts (scripts/notes.js, scripts/reminders.js) that are not present in the manifest; this is a direct mismatch between claimed capability and provided artifacts.
- Instruction Scope: concern. Runtime instructions tell the agent to run 'node scripts/notes.js' and 'node scripts/reminders.js', including a check-and-fire flow that sends messages to a channel ID (C0AHBLQ0P32). The instructions do not explain how channel posting is authenticated or which service (Slack or other) is being used. They also assume a Node runtime is available, but no binary requirement is declared. Directing the agent to execute non-existent scripts and to post messages to an external channel is out of scope for the provided package.
- Install Mechanism: note. There is no install spec (instruction-only), which is low-risk in general. But because the SKILL.md references local scripts that are missing, an agent might fail or attempt to fetch/run other commands at runtime. The absence of included scripts is an integrity problem rather than an installer risk.
- Credentials: concern. The skill declares no required environment variables or primary credential, yet its workflow requires sending messages to a channel (the channel ID format resembles Slack). Posting to channels normally requires API tokens (e.g., SLACK_BOT_TOKEN) and possibly additional config. The omission of any credential requirements is disproportionate and unexplained.
- Persistence & Privilege: ok. The always flag is false and the skill does not request elevated persistence. Autonomous invocation is allowed, but that is the platform default; there are no indicators the skill seeks permanent system-wide privileges.
