Skillv1.0.4

ClawScan security

Capture Classification · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 28, 2026, 12:15 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The SOP's high-level purpose (route text to Tasks or a vector DB) matches its instructions, but the skill omits required credentials and lists an unrelated required binary, so its runtime needs and declared requirements do not line up.
Guidance: This skill's SOP is coherent at a high level, but several practical and security details are missing. Before installing or enabling it, ask the publisher (or check the platform) for: (1) which atomic nodes will be invoked exactly and what permissions/scopes those nodes require (Google Tasks OAuth scopes, API keys, LanceDB host/credentials); (2) why the 'gog' binary is declared as required and whether it's actually used; (3) where the vector store endpoint is configured and who controls it (to avoid writing sensitive text to an unknown external DB). If you don't get clear answers, do not enable the skill with broad agent credentials: at minimum, restrict the atomic nodes' permissions to only the needed Google Tasks scope, and verify the vector store endpoint is one you control. Also prefer a manifest that declares required env vars or config paths explicitly so you can review and consent to them.

Review Dimensions

Purpose & Capability: concernThe skill claims to route inbound text to Google Tasks or a vector store (LanceDB). The SKILL.md references atomic nodes (LLM-Classify-Intent, Google Tasks Create Task, Vector Store Upsert Memory) which is consistent with the stated purpose — but the declared requirements do not: the manifest lists no credentials or config for Google or any vector DB, and it requires a binary named 'gog' which is unrelated to the described functionality. Either credentials/connection info are missing from the manifest, or the skill expects implicit access via atomic nodes. This is an incoherence.
Instruction Scope: concernThe instructions direct the agent to invoke external atomic nodes that will call Google Tasks and a vector store and to retry on failures. The SKILL.md does not specify which Google account, scopes, or vector store endpoint to use, nor does it tell the agent to obtain user consent or to store tokens. The SOP also mentions LanceDB in the description but the runtime text only says 'Vector Store Upsert Memory' without identifying the vendor/endpoint. Because the skill will cause network actions (through atomic nodes) without declaring where credentials come from, the instruction scope is under-specified and potentially risky.
Install Mechanism: noteNo install spec and no code files (instruction-only), which minimizes on-disk risk. However the declared required binary 'gog' is unexpected for a purely orchestration SOP and there is no explanation of why it's required; that's a mismatch to note but not an installation-action risk because nothing will be written to disk by the skill itself.
Credentials: concernThe skill requires zero environment variables or credentials, yet it instructs calls to Google Tasks and a vector store (LanceDB implied). Those integrations normally require API keys or OAuth credentials. The absence of declared credentials is disproportionate: either the platform is expected to supply access via pre-configured atomic nodes (not documented), or the manifest is incomplete. This mismatch could lead to silent failures or unexpected use of existing agent credentials.
Persistence & Privilege: okThe skill is not marked 'always' and uses the default autonomous invocation flag, which is normal. It does not request any special persistent presence or claim to modify other skills or system-wide settings.