Back to skill
Skillv1.0.1
ClawScan security
tinker-rlskill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 27, 2026, 7:15 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is a documentation/cheat-sheet for the Tinker SDK, but its runtime instructions expect access to API keys and config files (and to install/clone code) that are not declared in the skill metadata — proceed with caution.
- Guidance
- This skill is primarily a Tinker CLI/SDK cheat-sheet and cookbook reference, which is reasonable — but its runtime instructions expect you (or an agent) to: set or read TINKER_API_KEY, create/read ~/.tinker/config.json, run pip install and git pull, and authenticate to Hugging Face or W&B. The registry metadata lists no required env vars or config paths, which is inconsistent. Before installing or letting an agent run these commands: 1) Verify the skill source and the referenced GitHub repos yourself; 2) Confirm what 'uv pip' means in your environment; 3) Only provide API keys (TINKER_API_KEY, HF token, W&B key) if you trust the code and the exact commands being run; 4) Prefer to run installation and authentication steps manually in a controlled environment (not via an autonomous agent); 5) Ask the skill author/maintainer to declare required env vars and config paths in the registry and to avoid vague instructions that access user configs. These mismatches are not proof of malicious intent, but they are a clear coherence problem you should resolve before giving the skill access to secrets or running its install steps.
Review Dimensions
- Purpose & Capability
- concernThe skill's stated purpose (Tinker CLI/SDK/cookbook guidance) matches the included docs, but the SKILL.md instructs use of an API key, local config (~/.tinker/config.json), and interactions with Hugging Face / W&B. The skill metadata declares no required env vars or config paths; that mismatch is unexplained and disproportionate to an instruction-only cheat sheet.
- Instruction Scope
- concernSKILL.md tells the agent to read/check environment variables (TINKER_API_KEY), read/write ~/.tinker/config.json, run CLI commands, clone/pull Git repos, and pip-install packages. Those runtime actions involve accessing user config, network, and filesystem beyond mere in-chat help. The instructions also reference authenticating to Hugging Face and W&B (tokens) and checking network endpoints — all of which broaden the skill's runtime scope without being declared.
- Install Mechanism
- noteThere is no install spec in the registry (instruction-only), which is lower risk. However the runtime doc instructs commands that will install code (pip install/--upgrade tinker, git pull + pip install -e .) and manipulate local files. The doc uses an unusual 'uv pip' invocation (likely a platform wrapper) — confirm what tool 'uv' is before running these commands.
- Credentials
- concernThe metadata lists no required environment variables or config paths, yet the instructions explicitly require/describe TINKER_API_KEY (env or ~/.tinker/config.json) and describe authenticating to Hugging Face and W&B. Declaring no credentials while instructing the agent to access secrets and config files is a proportionality mismatch and should be fixed or explained.
- Persistence & Privilege
- okThe skill does not request 'always: true' and is user-invocable; there is no declared persistent system privilege. The instructions do suggest writing a local config file (~/.tinker/config.json) and installing packages if followed, but the registry does not auto-grant persistent privileges.