Pluginv0.1.0

ClawScan security

Trend Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousApr 29, 2026, 2:58 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to do what it says (query a remote trend aggregator) but it relies on a personal Cloudflare Workers endpoint and references an API key header without declaring or documenting credential handling — this mismatch and the external endpoint make it worth caution.
Guidance: This skill forwards your queries to an external MCP/HTTP endpoint hosted on a personal Cloudflare Workers domain and mentions using an X-API-Key header but does not declare how that key should be provided. Before enabling: 1) confirm you trust the owner and the workers.dev hostname (ask for an organization, privacy/data-retention policy, and contact). 2) Do not send secrets or sensitive PII through the skill until you verify storage/retention. 3) Ask the author to declare the required credential in the skill metadata (so the platform can handle it securely) and to host the service on an official domain or provide source code or a repo. 4) If you proceed, test with non-sensitive/dummy queries first.
Findings: [scanner/no-findings] expected: Regex-based scanner found nothing to analyze. That is expected because this is an instruction-only skill with no code files; absence of findings is not evidence of safety.

Purpose & Capability: noteName/description match the runtime instructions: the SKILL.md exclusively describes calling a remote MCP/HTTP API to aggregate trends. The declared behavior (trending, search, digest) aligns with the remote endpoints and tool names.
Instruction Scope: noteInstructions only direct network calls to a remote MCP server and HTTP API; there are no instructions to read local files, environment variables, or other system state. This is within the expected scope for a remote integration, but it does mean user queries and any included context will be sent to the external host.
Install Mechanism: okNo install spec and no code files — instruction-only skill — so nothing is written to disk or installed locally. This lowers risk compared with downloadable/exec installs.
Credentials: concernSKILL.md requires/mentions an API key via the X-API-Key header for authenticated calls, but the skill metadata lists no required environment variables or primary credential. The mismatch (references a secret but doesn't declare where/how it should be supplied) is a meaningful inconsistency. Also the API host is a personal Cloudflare Workers domain (zhengchao-qqqqq.workers.dev) rather than an official company domain, which raises questions about ownership and data handling.
Persistence & Privilege: okalways is false and there is no install activity or config writes. The skill does not request elevated or persistent platform privileges.