Skill v1.0.0
ClawScan security
No Cap · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Mar 28, 2026, 2:50 PM)
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The instructions ask for sensitive session cookies and to run a CLI (npx tsx src/cli.ts ...) but the skill bundle contains no code or install spec — the pieces don't line up and you should not hand over credentials or run commands until the source is provided and reviewed.
- Guidance: Do not follow the cookie-extraction steps or paste your auth_token/ct0 into anything until you have the actual source code and installation instructions. This published skill contains only runtime instructions but no code or install package — commands like `npx tsx src/cli.ts` reference files that are not included. Ask the publisher for the repository URL or a vetted release, review the code yourself (or have a trusted party review it), and prefer an OAuth/API-based integration rather than handing over browser session cookies. If you temporarily provide session cookies to any third-party tool, plan to revoke or rotate them immediately afterward. Finally, verify any tool requiring Node/npx/tsx on your system and avoid running unreviewed scripts as admin.
- Findings:
  - [no-code-files] unexpected: The regex scanner found no code to analyze. That is inconsistent with SKILL.md, which repeatedly references src/cli.ts and running npx tsx — the skill expects code that isn't present in the bundle.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (ingest X/Twitter bookmarks) is plausible, but the runtime steps assume a local repository with a TypeScript CLI (src/cli.ts) and use of npx/tsx. The published skill contains no code files, no repo, and declares no required binaries (node/npx). That mismatch means the skill cannot operate as described from the provided bundle alone.
- Instruction Scope (concern): Runtime instructions explicitly direct extraction of X session cookies from Chrome (auto-login) or manual copying of auth_token and ct0, reading and writing ~/.no-cap/config.json, and running CLI commands. Extracting browser session cookies and storing them locally is highly sensitive; the instructions do not provide secure handling or explain where/how code will run (there is no included code).
- Install Mechanism (concern): There is no install specification and no code files, yet the instructions expect you to run npx tsx against a local repoPath. The skill neither supplies the referenced repository nor declares Node/npx as required binaries. This is an incoherent install/runtime model — you would need to obtain code from elsewhere, which is not provided or verified here.
- Credentials (concern): The workflow requests sensitive credentials (X session cookies: auth_token and ct0) and optionally a Resend API key for email delivery. While these secrets are relevant to the skill's function, the bundle does not declare where they will be stored beyond a local config file, does not include code to inspect for leaks, and asks you to extract browser cookies — a high-risk operation if the code performing the extraction is not available for review.
- Persistence & Privilege (note): The skill does not set always:true and does not claim system-wide privileges, but it instructs writing credentials to ~/.no-cap/config.json and setting permissions to 600. Storing session cookies locally is persistent and increases blast radius if the code is malicious; the behavior itself is explainable for this use case but should only be done after reviewing the implementation that will read those files.
