setup
Automates the initial setup for NanoClawbster, including dependency installation and WhatsApp authentication, streamlining user onboarding.
Install this skill
or
7/100
Security score
The setup skill was audited on Mar 3, 2026 and we found 11 security issues across 5 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 50
Piping content to sh shell
SourceSKILL.md
| 50 | - Linux: install with `curl -fsSL https://get.docker.com | sh && sudo usermod -aG docker $USER`. Note: user may need to log out/in for group membership. |
high line 20
Curl to non-GitHub URL
SourceSKILL.md
| 20 | - Linux: `curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt-get install -y nodejs`, or nvm |
high line 50
Curl to non-GitHub URL
SourceSKILL.md
| 50 | - Linux: install with `curl -fsSL https://get.docker.com | sh && sudo usermod -aG docker $USER`. Note: user may need to log out/in for group membership. |
medium line 78
Access to .env file
SourceSKILL.md
| 78 | If HAS_ENV=true from step 2, read `.env` and check for `CLAUDE_CODE_OAUTH_TOKEN` or `ANTHROPIC_API_KEY`. If present, confirm with user: keep or reconfigure? |
medium line 82
Access to .env file
SourceSKILL.md
| 82 | **Subscription:** Tell user to run `claude setup-token` in another terminal, copy the token, add `CLAUDE_CODE_OAUTH_TOKEN=<token>` to `.env`. Do NOT collect the token in chat. |
medium line 84
Access to .env file
SourceSKILL.md
| 84 | **API key:** Tell user to add `ANTHROPIC_API_KEY=<key>` to `.env`. |
medium line 178
Access to .env file
SourceSKILL.md
| 178 | **Service not starting:** Check `logs/nanoclawbster.error.log`. Common: wrong Node path (re-run step 10), missing `.env` (step 4), missing auth (step 5). |
high line 10
Prompting for password/secret input
SourceSKILL.md
| 10 | **Principle:** When something is broken or missing, fix it. Don't tell the user to go fix it themselves unless it genuinely requires their manual action (e.g. scanning a QR code, pasting a secret toke |
low line 20
External URL reference
SourceSKILL.md
| 20 | - Linux: `curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt-get install -y nodejs`, or nvm |
low line 49
External URL reference
SourceSKILL.md
| 49 | - macOS: install via `brew install --cask docker`, then `open -a Docker` and wait for it to start. If brew not available, direct to Docker Desktop download at https://docker.com/products/docker-deskto |
low line 50
External URL reference
SourceSKILL.md
| 50 | - Linux: install with `curl -fsSL https://get.docker.com | sh && sudo usermod -aG docker $USER`. Note: user may need to log out/in for group membership. |
Scanned on Mar 3, 2026
View Security DashboardInstall this skill with one command
/learn @sskarz/setup