Skill v1.0.0
ClawScan security
Moltcops Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 10, 2026, 5:12 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (local pre-install scanner) matches its visible requirements and instructions, but I can't fully verify the bundled script's runtime behavior without inspecting its source for network or exfiltration calls.
- Guidance: This package appears internally consistent with its stated purpose. Before trusting it: (1) manually open scripts/scan.py and rules.json and search for any network or subprocess calls (e.g., requests, urllib, socket, subprocess, os.system, urllib3, httpx) or hardcoded URLs/endpoints — the SKILL.md claims 'No API calls' and that should be verified; (2) confirm the script does not POST/PUT/GET scanned file contents to remote servers; (3) run the scanner on a harmless test folder first to observe behavior and any network activity (use a network monitor or run offline); (4) inspect rules.json to understand what is flagged and whether it may produce false positives on your code. If you cannot or do not want to inspect the code yourself, treat the skill as untrusted until a third party you trust has audited scripts/scan.py.
Review Dimensions
- Purpose & Capability (ok): Name, description, and runtime instructions describe a local-only pre-install scanner. The package includes a scanner script and rule set and requests no env vars, binaries, installs, or config paths — which is proportionate for this purpose.
- Instruction Scope (note): SKILL.md's instructions are narrowly scoped: run python3 scripts/scan.py <path-to-skill-folder>. The scanner necessarily reads files in the target skill folder (expected). The README repeatedly asserts 'No API calls. No uploads.' That claim cannot be validated from the metadata alone; the bundled script must be inspected to confirm it does not transmit scanned data off-host.
- Install Mechanism (ok): No install spec — instruction-only with a bundled script. This is low-risk from an install perspective (nothing is written to system locations by an installer).
- Credentials (ok): Requires no environment variables, credentials, or special config paths. That aligns with a local scanner's needs. The scanner will read files in the target folder (expected), which may include secrets stored by the skill being scanned — this is expected behavior for a scanner but worth noting.
- Persistence & Privilege (ok): Skill does not request always-on presence, model-invocation flags were not set to grant elevated persistence, and there are no declared privileges. This is appropriate for a utility scanner.
