Skill v1.0.6
ClawScan security
Cloudflare R2 CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 21, 2026, 7:31 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md are consistent with a minimal Cloudflare R2 CLI, but registry metadata omits required sensitive environment variables and there are a few operational oddities worth checking before use.
- Guidance: This skill appears to be a straightforward R2 CLI, but be careful: the registry metadata claims no required env vars while the SKILL.md and r2.py require five sensitive environment variables (account ID, access key ID, secret, bucket, region). Before installing or enabling this skill:
  - Treat CF_R2_ACCESS_KEY_ID and CF_R2_SECRET_ACCESS_KEY as sensitive credentials and provide them via a secure secret manager or ephemeral environment, not in persistent config or code.
  - Confirm the platform/registry entry is updated to declare required env vars so secrets aren't accidentally omitted or exposed by automation.
  - Test the script in a non-production environment first (it reads env vars at import and will exit if they are missing).
  - Review that the ACCOUNT_ID you supply will result in requests to *.r2.cloudflarestorage.com (the code enforces this host).
  - If you need least-privilege, create an access key limited to the specific bucket and operations required.

  If the metadata mismatch was intentional or you cannot confirm origin/trustworthiness of the skill source, do not provide production credentials.
Review Dimensions
- Purpose & Capability (concern): The declared purpose (Cloudflare R2 CLI) matches the code and instructions (upload/download/list/delete using AWS SigV4). However, the registry metadata at the top of the provided manifest claims no required env vars/binaries while SKILL.md and the code require five sensitive environment variables (account id, access key id, secret, bucket, region). This metadata mismatch is incoherent and could cause automated platforms to mis-handle secrets or permissions.
- Instruction Scope (note): SKILL.md instructs the user to set and verify environment variables and to install defusedxml if missing; those instructions stay within the stated purpose. One operational detail: the code reads required environment variables at import time and exits if they are missing, which means simply loading or invoking the skill without env vars will terminate the process — this is a behavior the runtime should be aware of but is not inherently malicious.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and a single Python file. It uses defusedxml (recommended to be pip-installed). No downloads from untrusted URLs or archives are present; installation risk is low.
- Credentials (concern): The skill legitimately requires Cloudflare R2 credentials (ACCESS_KEY_ID and SECRET_ACCESS_KEY, account id, bucket). Those sensitive env vars are appropriate for the stated functionality. The concern is the inconsistent registry metadata (claims no required envs), which could hide or misrepresent the need to provide secrets to the runtime. The number and type of env vars requested are otherwise proportionate to the task.
- Persistence & Privilege (ok): The skill does not request permanent presence (always: false) and does not modify other skills or system-wide settings. Model invocation is allowed (default) but, combined with the other findings, does not by itself raise a privilege concern.
