Skill v1.2.0

ClawScan security

Structs Exploration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 30, 2026, 3:12 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions clearly require the 'structsd' CLI and use local transaction keys, but the metadata declares no required binaries, credentials, or config access — that mismatch is unexplained and could lead to unexpected use of local wallets or network transactions.
Guidance
This skill tells the agent how to run 'structsd' to explore planets and move fleets, and it expects you to supply a local key name for signing transactions. Before installing or using it: 1) Verify you have the 'structsd' CLI installed from a trusted source; 2) Confirm where your keys are stored (local keyring/config) and that you understand any commands may submit real on-chain transactions; 3) Don't let the agent run these commands autonomously without review—inspect the exact tx commands and test on a non-production/test environment first; 4) Ask the publisher to update metadata to declare the required binary and any config/credential needs to remove this inconsistency.
Findings
[no-code-found] expected: Regex scanner found no code files; this is an instruction-only skill. The primary security signals come from SKILL.md content rather than code analysis.

Review Dimensions

Purpose & Capability
concern: The SKILL.md assumes use of the 'structsd' CLI to query and submit transactions (planet-explore, fleet-move) and references signing via '--from [key-name]'. However, the registry metadata lists no required binaries, no primary credential, and no config paths. A skill that drives a blockchain-style CLI legitimately needs that binary and access to wallet/key material; the omission is an incoherence.
Instruction Scope
note: Instructions are narrowly focused on querying and transacting with Structs via the CLI and do not ask to read unrelated files or exfiltrate data. However, they do instruct transaction submission using a local key name (wallet) and CLI flags; that implies access to local keyrings and the network node, which the skill metadata does not declare.
Install Mechanism
ok: This is instruction-only with no install spec or code files, so there is no installer risk. The runtime risk comes from executing the external 'structsd' binary (not provided by the skill).
Credentials
concern: The instructions require signing transactions ('--from [key-name]') and therefore access to local keys/wallets and potentially node RPC endpoints, but the skill requests no environment variables, credentials, or config paths. The skill should explicitly declare the need for wallet access and any node endpoint config; its absence is disproportionate to the operations it performs.
Persistence & Privilege
ok: The skill is not always-enabled, does not request persistent installation, and doesn't modify other skills or system settings. Autonomous invocation is allowed (default), but that alone is not flagged; there is no 'always: true' or other high-privilege setting.