Skillv1.0.0

ClawScan security

Last 30 Days · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 8:27 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions largely match its stated purpose (recent social/web research), but the SKILL.md contains highly prescriptive prompts and a flagged prompt-injection pattern — something to review before trusting it with API keys or autonomous runs.
Guidance: This skill appears to do what it says: local Python code searches Reddit/X (when you provide API keys) and the web, then synthesizes findings. Before installing or running it: 1) Review SKILL.md and the shipped Python files yourself (or in a sandbox) because the skill will execute code locally and follows the SKILL.md as its runtime instructions. 2) The skill can create ~/.config/last30days/.env and ~/.cache/last30days — store any API keys there only if you trust the source; prefer environment variables or ephemeral keys. 3) The pre-scan flagged a prompt-injection pattern in SKILL.md; inspect the full SKILL.md for any hidden or manipulative directives (especially ones that tell the agent to ignore user input or hide sources). 4) If you plan to let agents invoke this skill autonomously, consider running it first in mock mode (--mock) or in an isolated/containerized environment and avoid granting unnecessary API keys until you are comfortable with its outputs. 5) If you need higher assurance, request the skill author/source or run the code review in a secure environment. The overall footprint is coherent with the described purpose, but the prescriptive/injection-like instructions justify caution.
Findings: [prompt-injection:you-are-now] unexpected: The pre-scan detected a prompt-injection pattern inside SKILL.md. The visible SKILL.md is highly prescriptive and contains instructions intended to control agent behavior; this can be normal for skills but the presence of an injection-style pattern should be reviewed manually to ensure no hidden or coercive instructions are present.

Review Dimensions

Purpose & Capability: okName/description match the code: the package performs Reddit + X + web research for the last 30 days. The files implement searching, enrichment, normalization, deduplication, caching, and model selection. Requested capabilities (OPENAI/XAI keys) are exactly what the code uses and the SKILL.md documents them as optional.
Instruction Scope: noteSKILL.md instructs the agent to run the bundled Python script, create a config at ~/.config/last30days/.env, and to avoid asking the user about the target tool before research. The instructions are prescriptive and include rules (e.g., 'USE THE USER'S EXACT TERMINOLOGY', 'DO NOT output "Sources:" list') that influence agent behavior. A prompt-injection pattern was detected in SKILL.md; while the file otherwise remains within the research scope, those persuasive directives merit manual review because the SKILL.md is the runtime instruction set the agent will follow.
Install Mechanism: okNo install spec is provided (instruction-only install), so nothing is downloaded during install. The skill ships Python code that the agent will execute locally; that is expected for this kind of skill. There are no remote installers or downloads in the manifest.
Credentials: okThe only credentials the code uses are OPENAI_API_KEY and XAI_API_KEY (both optional per SKILL.md). The code reads/writes only skill-specific config/cache under the user's home (~/.config/last30days, ~/.cache/last30days). No unrelated secrets or system credentials are requested.
Persistence & Privilege: okalways is false and the skill does not request elevated privileges or modify other skills. It will create local config and cache files under the user's home directory, which is ordinary for a local tool. Autonomous invocation is allowed (platform default) — combine that with the prescriptive SKILL.md when deciding whether to allow it to run without supervision.