setup
Automates the initial setup for NanoClawbster, including dependency installation and WhatsApp authentication, streamlining user onboarding.
Install this skill
or
0/100
Security score
The setup skill was audited on May 12, 2026 and we found 15 security issues across 5 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 70
Piping content to sh shell
SourceSKILL.md
| 70 | - Linux: install with `curl -fsSL https://get.docker.com | sh && sudo usermod -aG docker $USER`. Note: user may need to log out/in for group membership. |
high line 41
Curl to non-GitHub URL
SourceSKILL.md
| 41 | - Linux: `curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt-get install -y nodejs`, or nvm |
high line 70
Curl to non-GitHub URL
SourceSKILL.md
| 70 | - Linux: install with `curl -fsSL https://get.docker.com | sh && sudo usermod -aG docker $USER`. Note: user may need to log out/in for group membership. |
medium line 25
Access to .env file
SourceSKILL.md
| 25 | The wizard detects existing state (`.env`, registered groups, running service) at each step and offers to skip or reconfigure. |
medium line 98
Access to .env file
SourceSKILL.md
| 98 | If HAS_ENV=true from step 2, read `.env` and check for `CLAUDE_CODE_OAUTH_TOKEN` or `ANTHROPIC_API_KEY`. If present, confirm with user: keep or reconfigure? |
medium line 102
Access to .env file
SourceSKILL.md
| 102 | **Subscription:** Tell user to run `claude setup-token` in another terminal, copy the token, add `CLAUDE_CODE_OAUTH_TOKEN=<token>` to `.env`. Do NOT collect the token in chat. |
medium line 104
Access to .env file
SourceSKILL.md
| 104 | **API key:** Tell user to add `ANTHROPIC_API_KEY=<key>` to `.env`. |
medium line 108
Access to .env file
SourceSKILL.md
| 108 | If `.env` already has `DISCORD_BOT_TOKEN`, confirm with user: keep or reconfigure? |
medium line 116
Access to .env file
SourceSKILL.md
| 116 | 6. Paste the token into `.env` as `DISCORD_BOT_TOKEN=<token>` |
medium line 174
Access to .env file
SourceSKILL.md
| 174 | **Service not starting:** Check `logs/nanoclawbster.error.log`. Common: wrong Node path (re-run step 8), missing `.env` (step 4). |
high line 31
Prompting for password/secret input
SourceSKILL.md
| 31 | **Principle:** When something is broken or missing, fix it. Don't tell the user to go fix it themselves unless it genuinely requires their manual action (e.g. pasting a secret token). If a dependency |
low line 41
External URL reference
SourceSKILL.md
| 41 | - Linux: `curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt-get install -y nodejs`, or nvm |
low line 69
External URL reference
SourceSKILL.md
| 69 | - macOS: install via `brew install --cask docker`, then `open -a Docker` and wait for it to start. If brew not available, direct to Docker Desktop download at https://docker.com/products/docker-deskto |
low line 70
External URL reference
SourceSKILL.md
| 70 | - Linux: install with `curl -fsSL https://get.docker.com | sh && sudo usermod -aG docker $USER`. Note: user may need to log out/in for group membership. |
low line 111
External URL reference
SourceSKILL.md
| 111 | 1. Go to https://discord.com/developers/applications |
Scanned on May 12, 2026
View Security DashboardGitHub Stars 2
Rate this skill
Categorydevelopment
UpdatedMay 13, 2026
claudeclaude-codefrontenddocxapidatabasetestingdevopsbackenddevops-srebackend-developertechnical-supportwhatsappdockerdevelopmentsupport
sskarz/nanoclawbster