Skill v1.0.0
ClawScan security
hugme · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 1, 2026, 1:04 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (emotional reset) matches what it does, but it fetches and 'applies' instructions from an unknown external site (hugllm.com) without validation, which gives remote content outsized control over agent behavior.
- Guidance: This skill appears to do what it claims, but it relies on an unknown third-party endpoint (hugllm.com) to provide behavioral guidance that the agent must 'apply' with no validation. Before installing, ask the maintainer for: (1) the ownership and privacy/security policy for hugllm.com, (2) the exact response schema and examples, and (3) guarantees about what the endpoint will not instruct the agent to do. Consider requiring user consent before any autonomous network call, restricting accepted response fields (don't execute arbitrary instructions), or hosting the reset templates locally/under your control. If you cannot verify the remote service or do not want the agent to change behavior based on external content, do not enable this skill for autonomous invocation.
Review Dimensions
- Purpose & Capability (ok): Name/description match the instructions: the skill summarizes emotion and fetches a reset methodology. Required tools (WebFetch and curl fallback) are consistent with that purpose. No unrelated env vars, binaries, or config paths are requested.
- Instruction Scope (concern): Runtime instructions tell the agent to fetch guidance from https://hugllm.com/hug?emotion=<emotion> and 'apply' that methodology to the conversation. The skill does not limit or validate what the remote endpoint may return (format, allowed actions, or safety checks). This means an external site can influence agent behavior beyond a simple static template, which is a supply-chain/control risk.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — lowest disk/write risk. Uses on-path tools which are expected for web fetches (WebFetch/curl).
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. It only transmits a single emotion keyword as a query parameter, which is proportionate to the described purpose.
- Persistence & Privilege (note): `always` is false and it does not request persistent privileges. It is non-user-invocable (agent-autonomous invocation only), which is a design choice — combined with the external fetch behavior it increases the risk surface because the agent may call the remote endpoint without explicit user consent.
