Skill v1.1.1

ClawScan security

Auth Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 5:45 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with its stated purpose of standardizing startup auth checks and helper scripts; it does not request unrelated credentials or perform suspicious exfiltration.
Guidance
This skill appears coherent and limited to auth-probing behavior. Before installing or running: (1) review the included scripts in skills/auth-guard/scripts/auth_check.sh and any helper templates you copy into workspace/.pi/ so you understand what will be executed; (2) only pass probe URLs you trust and that belong to the target service (the script requires https://); (3) keep credential files under ~/.config/ as advised and ensure those files have appropriate filesystem permissions; (4) when adding the helper to HEARTBEAT.md/AGENTS.md, ensure teammates know the canonical retrieval order (env var first) so no automation unintentionally loses access; (5) if you plan to use helper scripts that read other local credential formats (e.g., gh/gh auth), integrate those carefully rather than pointing --cred-file at arbitrary workspace files.

Review Dimensions

Purpose & Capability
ok: Name/description, examples, SKILL.md, and scripts all focus on performing an auth probe for protected endpoints and establishing helper scripts. The included script accepts a service name, probe URL, env-var name, and credentials file — exactly what an auth-check tool needs. No unrelated resources (cloud creds, extra binaries, or external services) are requested.
Instruction Scope
ok: Runtime instructions and the provided script limit actions to reading an env var or a credentials JSON (under ~/.config/*), probing an HTTPS endpoint with curl, and returning a short status string. The SKILL.md explicitly warns against logging secrets and against pointing cred-file at arbitrary workspace files. There is no instruction to collect or transmit secrets elsewhere.
Install Mechanism
ok: No install spec; this is instruction-only with one included helper script. Nothing is downloaded or written by an installer. Risk is limited to executing the provided script (which the user can review).
Credentials
ok: The registry metadata declares no required env vars or primary credential. The script takes an env-var name as a parameter and checks a credentials file path supplied at runtime; it does not demand unrelated secrets. It also enforces that credential files must live under $HOME/.config/, reducing the chance of reading arbitrary workspace secrets.
Persistence & Privilege
ok: always is false and the skill is user-invocable. It does not request persistent or elevated privileges, nor does it modify other skills' configs. It asks users to place helper scripts in workspace/.pi/, which is normal for helper tooling and something the user should review before executing.