Back to skill
Skillv1.0.0
ClawScan security
Leadership Coach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 1, 2026, 5:12 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it says (a local CLI leadership content/diagnostic tool) but contains a runnable Python file and metadata that are slightly inconsistent and the skill is configured to run unsandboxed — worth extra review before installation.
- Guidance
- This skill appears to be a local CLI content/diagnostic tool for leadership material and mostly coherent with its description. Before installing or running it, review the included script.py fully (search for any file reads/writes, subprocess/network calls, or environment access). Note the skill manifest sets execution.sandbox: false — run it in an isolated environment (VM/container) first if you want to be cautious. Also check why skill.yaml requires pyyaml (unused dependency may be harmless but could indicate stale metadata). If you will run it on sensitive systems, prefer running the script manually after inspection rather than granting the platform unsandboxed execution rights. If you want, paste the full script.py here and I can point to any lines that read files, make network calls, or do other risky actions.
Review Dimensions
- Purpose & Capability
- okName/description (leadership coaching, five solution sets) match the provided artifacts: multiple README/SKILL files and an embedded SOLUTIONS data structure in script.py. Required env/config/credentials are none, which is coherent for a local content CLI.
- Instruction Scope
- okSKILL.md instructs only local CLI usage (python3 script.py list/show/solve/plan/diagnose). The instructions do not ask the agent to read unrelated system files or export data externally. The README/SKILL files emphasize 'local use' which aligns with the CLI behavior.
- Install Mechanism
- okNo install spec; this is instruction-plus-code (script.py) evaluated at runtime. No downloads or third-party installers are declared. This is low-risk compared with remote-download installers.
- Credentials
- noteThe skill declares no required environment variables or credentials (appropriate). Minor mismatch: skill.yaml lists a dependency on 'pyyaml' but the visible parts of script.py do not appear to need it — this is likely benign but odd and worth checking.
- Persistence & Privilege
- concernskill.yaml sets execution.sandbox: false, meaning the script will run unsandboxed when executed; combined with an included executable script (script.py) this increases risk if the code were to perform unexpected filesystem or network actions. The skill is not marked always:true, and it requests no credentials, which mitigates some risk, but unsandboxed execution is a noteworthy privilege.