Back to skill
Skillv1.0.0
ClawScan security
Banking Agent OS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 9, 2026, 12:33 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The SKILL.md describes a full banking backend and requires an OpenAI API key and database config, but the registry metadata claims no required credentials and the package contains no code—this mismatch and the instructions to install/run external packages should be verified before use.
- Guidance
- This package is instruction-only and does not include the backend code—it tells you to pip/npm install and run a FastAPI server that will handle sensitive data. Before installing or running anything: (1) verify the referenced PyPI/npm package names and the GitHub repo (check stars, maintainers, and source code) so you know what code you’ll run; (2) confirm the registry metadata is corrected (it currently claims no required env vars while SKILL.md asks for OPENAI_API_KEY and DATABASE_URL); (3) run installs in an isolated environment (container or VM) and avoid deploying to production until you audit the package source; (4) never paste production secrets into .env files that might be committed—use secrets management and rotate keys after testing; (5) if you decide to proceed, inspect the upstream package source for unexpected network calls, credential exfiltration, or privileged operations.
Review Dimensions
- Purpose & Capability
- noteThe described purpose (banking backend + AI services) is coherent with the requested artifacts in SKILL.md (OpenAI API key, DATABASE_URL, pip/npm packages). However the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly requires OPENAI_API_KEY and a DATABASE_URL—this inconsistency needs clarification. Also the skill is instruction-only (no code included) yet describes installing/running a backend from external packages.
- Instruction Scope
- noteRuntime instructions stay within the stated banking scope (create .env, install packages, start uvicorn, use API endpoints). They instruct the user to install external packages (pip/npm) and run a web server that will handle sensitive data; that is expected for a backend but means the skill delegates execution to external code not bundled in the skill.
- Install Mechanism
- concernThere is no install spec in the skill bundle (lowest-risk), but the documentation directs users to pip/npm install packages and to run a FastAPI server. Because the skill package does not include code, the actual code will come from external package repositories—verify the exact PyPI/npm packages and GitHub repo before running. The skill claims a PyPI package and an npm package; their existence and provenance are not verified here.
- Credentials
- concernSKILL.md requires an OPENAI_API_KEY and a DATABASE_URL (sensible for AI features and persistence). Registry metadata, however, declares no required env vars or primary credential—this mismatch is a red flag. Requesting an OpenAI API key is proportionate to the described AI features, but users must be explicit about where and how keys are stored and used.
- Persistence & Privilege
- okThe skill does not request persistent/privileged platform features (always:false, no required config paths). As an instruction-only skill it does not install files itself; however following its instructions will create a long-running server if the user chooses to install external packages.