Plugin v0.1.0

ClawScan security

appstore-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 1:18 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill appears to implement a 1Panel app-store client, but its manifest and runtime code disagree about required credentials and bundled files, which could cause failures or surprise behavior.
Guidance
This skill's code implements an App Store client for 1Panel and expects a baseUrl and apiKey, but the registry metadata does not declare any required credentials and the package is missing dependent modules (client.js and modules/appstore.js). Before installing, ask the publisher to: 1) provide the missing files or explain where they come from; 2) explicitly declare the required credential(s) (primaryEnv) and any environment variable names used; 3) confirm that the API requests target your expected 1Panel server (no unexpected external endpoints). If you must proceed, supply the apiKey and baseUrl only for a test instance and avoid exposing production credentials until the above discrepancies are resolved.

Review Dimensions

Purpose & Capability
concern: The skill's purpose (manage 1Panel app store) matches the code in plugin.js, which expects a baseUrl and apiKey. However, the registry metadata declares no required environment variables or primary credential, while the code (and configSchema) require baseUrl and apiKey. This mismatch is concerning because the skill will rely on secrets/config that are not declared in the manifest.
Instruction Scope
concern: The SKILL.md is minimal (just a title), so runtime behavior is determined by plugin.js. The plugin registers tools that make network/API calls and also reads environment variables (ONEPANEL_BASE_URL, ONEPANEL_API_KEY, APPSTORE_BASE_URL, APPSTORE_API_KEY, etc.) as fallbacks. The instructions do not document these env vars, which means the agent may access env values not declared to users. No commands or file system access beyond imports are present in plugin.js.
Install Mechanism
note: There is no install spec (lowest risk). However, plugin.js imports './client.js' and './modules/appstore.js', but those files are not present in the provided file manifest (only plugin.js is packaged). This is an inconsistency: either additional code is expected from the runtime environment or the skill is incomplete and will fail at runtime.
Credentials
concern: The code expects an API key and base URL (and reads multiple env var names as fallbacks), but the skill metadata lists no required env vars and no primary credential. Requesting or using API keys is reasonable for this purpose, but the lack of declared credentials and the ad-hoc fallback env var names (ONEPANEL_*, APPSTORE_*) are disproportionate to what the registry claims and should be declared explicitly.
Persistence & Privilege
ok: No elevated persistence is requested (always: false). The skill is user-invocable and allows autonomous invocation by the model (default), which is normal. It does not request system-wide config changes or other skills' credentials.