Skill v1.1.0
ClawScan security
Security Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 16, 2026, 5:00 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are consistent with an automated secret- and container-scanning tool; nothing in the package requests unrelated credentials or network exfiltration, but the skill has no provenance (no homepage/source owner info), so exercise caution.
- Guidance: What to consider before installing:
  - Code review: The packaged scripts are small and readable; review them yourself before running. The skill has no homepage or provenance, which lowers trust; prefer skills with verified sources.
  - Run scope: Use the tool only on intended project workspace paths. The secret scanner blocks system roots by default; avoid using --force unless you explicitly intend to scan system directories.
  - Handling findings: Treat any reported secrets as sensitive. Do not paste findings (secret values) into public channels. Use a vetted credential manager (review the mema-vault skill) to rotate and vault secrets rather than storing them in plain text.
  - Environment: Trivy may download vulnerability DB updates during scans; run it in an environment where network access and telemetry are acceptable. Consider running scans in an isolated environment if you have high security requirements.
  - False positives & limitations: The regex patterns can generate false positives and may miss obfuscated secrets; use findings as actionable leads, not absolute truth.
  - If you need higher assurance: Ask the skill author for provenance (repo/homepage, signed release) or reimplement equivalent checks from known tools. If you will integrate with an external vault, validate that integration code and do not give vault credentials to untrusted skills.
Review Dimensions
- Purpose & Capability (ok): Name/description (secret scanning + Trivy container scans) matches the included files and runtime instructions. The repository contains a secrets scanner and a Trivy wrapper. The SKILL.md references mema-vault for remediation, which is coherent with the stated purpose.
- Instruction Scope (ok): SKILL.md instructs only local scans and Trivy usage. The provided scripts scan files or images only and do not reference external endpoints or collect/transmit secrets. The Python scanner explicitly blocks scanning system roots unless --force is used, and the container script delegates to the host's Trivy.
- Install Mechanism (ok): No install spec (instruction-only); two small scripts are included. The only external requirement is the user-installed trivy binary for container scanning, which is documented in the SKILL.md.
- Credentials (ok): The skill does not request environment variables, credentials, or config paths. The scripts do not read secrets from environment variables or attempt to persist/authenticate to external services. Use of a vault (mema-vault) is suggested for remediation, but that integration is advisory rather than automatic.
- Persistence & Privilege (ok): The skill is not force-included (always:false), does not request persistent system-wide changes, and does not modify other skills' configs. Autonomous invocation is allowed by default (platform behavior) but is not combined with other concerning privileges here.
