Skill v1.0.2
ClawScan security
RocketChat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 17, 2026, 10:38 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Rocket.Chat REST API helper whose required binaries and environment variables match its described purpose.
- Guidance
- This skill is coherent with its description: it will use the RC_URL, RC_TOKEN and RC_USER_ID you provide to call Rocket.Chat REST endpoints (read/post/edit messages, manage channels/users depending on token privileges). Because the skill is instruction-only (no installer), it won't drop code on disk, but any agent using this skill will be able to act with the permissions of the supplied token. Before installing, consider using a dedicated bot/service account with minimal required permissions (avoid full admin tokens unless necessary), restrict the token's scope and rotate it regularly, and ensure RC_URL points to a trusted Rocket.Chat instance. Also review the agent's actions when it runs (or disable autonomous invocation if you want manual control). The regex scanner found no code to analyze, which is expected for an instruction-only skill.
Review Dimensions
- Purpose & Capability
- ok: Name/description claim Rocket.Chat REST API access; required env vars (RC_URL, RC_TOKEN, RC_USER_ID) and required binaries (curl, optional jq) are exactly what an API-based chat integration needs.
- Instruction Scope
- ok: SKILL.md contains concrete curl examples that only reference the Rocket.Chat API, the declared env vars, and optional jq. It does not instruct reading unrelated system files, other credentials, or exfiltrating data to unexpected endpoints.
- Install Mechanism
- ok: No install spec and no code files; instruction-only. Nothing is downloaded or written to disk by an installer.
- Credentials
- ok: Requested environment variables are limited to the Rocket.Chat URL and authentication (RC_URL, RC_TOKEN, RC_USER_ID). This is proportionate to the documented capabilities (posting, reading, managing messages/users).
- Persistence & Privilege
- ok: The always flag is false and the skill makes no requests to modify agent/system configuration. Autonomous invocation is allowed (platform default) but not combined with elevated persistence or other concerning privileges.
