Skill v0.1.2

ClawScan security

BYR CLI Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 18, 2026, 2:38 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is an instruction-only wrapper for a BYR CLI and generally matches its stated purpose, but it relies on third‑party install sources and supports browser cookie import (access to sensitive local secrets), so review before installing.
Guidance
This skill appears to be a thin wrapper around a third‑party 'byr' CLI. Before installing or using it: (1) verify the Homebrew tap and npm package authors and inspect their source repository if possible; (2) prefer the dry-run download flow and require explicit output paths before writing files; (3) be cautious with the 'auth import-cookie --from-browser' flow — importing browser cookies grants access to session tokens and should only be done if you trust the CLI source; consider using a manual cookie string instead or re-authenticating through safer means; (4) run 'byr doctor' and inspect output locally before allowing any write/download actions; and (5) consider the legal/organizational policy implications of torrent usage. If you need higher assurance, request the upstream source code or a reproducible build of the 'byr' binary before installing.

Review Dimensions

Purpose & Capability
note: Name/description match the behavior: the skill delegates all work to a 'byr' CLI and declares Homebrew/npm install options that create the 'byr' binary. Requiring a local 'byr' binary is coherent for a CLI wrapper.
Instruction Scope
concern: SKILL.md explicitly documents browser cookie import flows (Chrome macOS path/decrypt flow, Safari best-effort) which implies reading/decrypting local browser profiles or cookies. The skill text does not declare or constrain access to those local files; because this is instruction-only, the actual access would be performed by the installed 'byr' binary but the instructions encourage actions that touch sensitive local secrets (browser session tokens).
Install Mechanism
note: Installers are a Homebrew formula from a third-party tap (1MoreBuild/tap) and an npm package (byr-pt-cli). These are reasonable fallback mechanisms but both are third‑party sources (not a widely-recognized official repo linked in the skill). This raises moderate supply-chain risk — verify the tap/package source before installing.
Credentials
note: The skill requests no environment variables or credentials, which is proportionate. However, the documented browser cookie import is effectively a request to access local sensitive secrets (cookies/session tokens) that is not represented in 'requires' or config path metadata.
Persistence & Privilege
ok: always is false and the skill is instruction-only; it does not request permanent agent presence or modifications to other skills or system-wide settings.