Skillv1.0.0

ClawScan security

Xiaopi Skill Vetter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 29, 2026, 7:07 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match a reasonable vetting checklist, but metadata inconsistencies (ownerId mismatch), lack of provenance, and a couple of vague instructions merit caution before trusting it automatically.
Guidance: This skill is essentially a human-readable vetting checklist and is coherent with its stated purpose, but treat it as guidance rather than an automated authority. Before installing or letting an agent run this vetter autonomously: 1) Verify provenance — the package metadata shows inconsistent owner IDs and no homepage; prefer skills with clear authorship. 2) Run any vetting actions in a sandbox or ephemeral VM so curl/raw file fetches can't cause harm. 3) Limit the agent's file-read scope to the skill package directory (do not let it read your home, ~/.ssh, ~/.aws, or other sensitive paths). 4) Manually confirm that the agent does not automatically transmit any collected data to external endpoints. 5) Treat the output of this skill as advisory and perform a human code review for high-risk skills. If you need higher assurance, ask for the publisher's identity or a signed release before trusting automated vetting.
Findings: [NO_SCAN_FINDINGS] expected: Regex scanner found nothing to analyze because this is an instruction-only skill with no code files; that is expected but leaves behavioral guarantees to the agent executing the instructions.

Review Dimensions

Purpose & Capability: okThe name and description (skill vetting) align with the SKILL.md content: it is an instruction-only vetting protocol that teaches how to review skills and provides curl examples for GitHub. It does not request unrelated credentials or binaries. However, the package metadata is inconsistent: the registry metadata ownerId (kn7256...) differs from _meta.json.ownerId (kn71j6...), and source/homepage are unknown — a provenance gap worth noting.
Instruction Scope: noteInstructions are narrowly focused on reviewing skill files, checking red flags, and using GitHub API/raw.githubusercontent to fetch files. This is appropriate. Two caution points: (1) the SKILL.md tells the agent to "Read ALL files in the skill" — that should be limited to the skill package area (not host home directories) to avoid accidental exposure of unrelated secrets; (2) Quick Vet Commands run network requests (curl) — expected, but network activity should be sandboxed and results validated.
Install Mechanism: okNo install spec and no code files — instruction-only. This is the lowest-risk install profile and consistent with the stated purpose.
Credentials: okThe skill requires no environment variables, credentials, or config paths. The guidance and quick commands are network/HTTP checks that don't demand secrets. This is proportionate to a vetting checklist.
Persistence & Privilege: okalways:false and disable-model-invocation:false (normal). The skill does not request persistent presence or elevated privileges. There are no instructions to modify other skills or global agent settings.