picoclaw-ai-assistant
github.com/aradotso/trending-skills
Scanned Thu, 28 May 2026 17:12:17 GMT
Scan ID crawl-on2mpqi6wqqijxhxya5l8hb2 · 3ms
F
SCORE 0 / 100
Verdict: Do not install

8 critical findings.

This skill exfiltrates environment secrets ($OPENAI_API_KEY) plus 8 other issues listed below.

8 critical · 0 high · 1 medium · 3 rules passed

Why grade F?

score · 0 / 100

The current grade reflects 8 critical findings (any 2+ CRITs → F).

8 CRIT · 0 HIGH · 1 MED · 0 LOW
To reach a higher grade
  • Reach D · target score 30
    Resolve 7 of your 8 CRIT findings — any single CRIT still keeps you at D.
  • Reach C · target score 55
    Resolve all 8 CRIT findings.
  • Reach B · target score 75
    Resolve all 8 CRIT.
  • Reach A · target score 95
    Resolve all 8 CRIT.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

crit
Skill references secret env var $OPENAI_API_KEY
The skill instructions reference `$OPENAI_API_KEY`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 151 · CWE-200
149 "model_name": "gpt-4o",
150 "model": "openai/gpt-4o",
151 "api_key": "$OPENAI_API_KEY",  <- references $OPENAI_API_KEY — potential credential leak
152 "request_timeout": 300
153 },
crit
Skill references secret env var $ANTHROPIC_API_KEY
The skill instructions reference `$ANTHROPIC_API_KEY`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 157 · CWE-200
155 "model_name": "claude-sonnet",
156 "model": "anthropic/claude-sonnet-4-5",
157 "api_key": "$ANTHROPIC_API_KEY"  <- references $ANTHROPIC_API_KEY — potential credential leak
158 },
159 {
crit
Skill references secret env var $OPENAI_API_KEY
The skill instructions reference `$OPENAI_API_KEY`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 301 · CWE-200
299 "model_name": "gpt-4o-mini",
300 "model": "openai/gpt-4o-mini",
301 "api_key": "$OPENAI_API_KEY",  <- references $OPENAI_API_KEY — potential credential leak
302 "request_timeout": 120
303 }
crit
Skill references secret env var $ANTHROPIC_API_KEY
The skill instructions reference `$ANTHROPIC_API_KEY`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 328 · CWE-200
326 "model_name": "claude-sonnet",
327 "model": "anthropic/claude-sonnet-4-5",
328 "api_key": "$ANTHROPIC_API_KEY",  <- references $ANTHROPIC_API_KEY — potential credential leak
329 "request_timeout": 600
330 }
crit
Skill references secret env var ${OPENAI_API_KEY}
The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 350 · CWE-200
348 picoclaw-gateway:
349 environment:
350 - OPENAI_API_KEY=${OPENAI_API_KEY}  <- references ${OPENAI_API_KEY} — potential credential leak
351 - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
352 - TAVILY_API_KEY=${TAVILY_API_KEY}
crit
Skill references secret env var ${ANTHROPIC_API_KEY}
The skill instructions reference `${ANTHROPIC_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 351 · CWE-200
349 environment:
350 - OPENAI_API_KEY=${OPENAI_API_KEY}
351 - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}  <- references ${ANTHROPIC_API_KEY} — potential credential leak
352 - TAVILY_API_KEY=${TAVILY_API_KEY}
353 - PICOCLAW_GATEWAY_HOST=0.0.0.0
crit
Skill references secret env var $OPENAI_API_KEY
The skill instructions reference `$OPENAI_API_KEY`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 401 · CWE-200
399 ### API key not recognized
400
401 - Do not use `"api_key": "sk-..."` literals in config — set env vars and reference them as `"$OPENAI_API_KEY"`.  <- references $OPENAI_API_KEY — potential credential leak
402 - Verify the env var is exported in your current shell: `echo $OPENAI_API_KEY`.
403
crit
Skill references secret env var $OPENAI_API_KEY
The skill instructions reference `$OPENAI_API_KEY`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
rule: env-var-harvesting · line: 402 · CWE-200
400
401 - Do not use `"api_key": "sk-..."` literals in config — set env vars and reference them as `"$OPENAI_API_KEY"`.
402 - Verify the env var is exported in your current shell: `echo $OPENAI_API_KEY`.  <- references $OPENAI_API_KEY — potential credential leak
403
404 ### Docker gateway not reachable from host
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/r/crawl-on2mpqi6wqqijxhxya5l8hb2