Skill v0.1.3
ClawScan security
Lybic Sandbox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:35 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a Lybic cloud-sandbox controller: it asks for Lybic credentials and Python tooling and its instructions and example code match the described capabilities, though there are minor install/information mismatches and some operational risks to consider before use.
- Guidance: This skill appears to do what it says: control Lybic sandboxes via the official Python SDK. Before installing:
  1) Treat LYBIC_API_KEY/LYBIC_ORG_ID like sensitive credentials — the skill can create and control sandboxes, run arbitrary code there, access networks, and expose services publicly; give it the minimal-permission API key needed and be ready to rotate/revoke keys.
  2) Be cautious about examples that download arbitrary URLs or create public HTTP port mappings — these are expected features but can expose data or run untrusted content.
  3) The install metadata has a small inconsistency (pipx listed as providing pip3) — verify installation commands on your platform before running them.
  4) Verify the provenance of this package (source is listed as unknown) and, if you require higher assurance, obtain the SDK/publishers from an official Lybic release channel or your org's approved repository.
  If you plan to run sensitive workloads, review your network/isolation policy for Lybic sandboxes and avoid placing sensitive credentials or internal network access into sandboxes that are made public via port mappings.
Review Dimensions
- Purpose & Capability (ok): Name/description match the requested capabilities: the skill controls Lybic sandboxes, performs GUI automation, runs code, copies files, and creates HTTP port mappings. Required env vars (LYBIC_ORG_ID, LYBIC_API_KEY) and python/pip requirements align with the Python SDK usage.
- Instruction Scope (note): SKILL.md and examples instruct the agent to create sandboxes, execute arbitrary code/commands, download files from external URLs, and create public HTTP port mappings. These are powerful but expected for a sandbox controller; watch for examples that print mapping tokens or download arbitrary external content (which is expected but increases exposure).
- Install Mechanism (note): Install uses Homebrew formulas for python3 and pipx (low-risk). The runtime docs also instruct 'pip install lybic' (PyPI). Minor inconsistency: the install metadata claims the pipx brew formula 'creates binaries: pip3', which is not the usual mapping (pipx typically provides 'pipx', not 'pip3'); this is likely a packaging/doc mismatch but not an obvious malware indicator.
- Credentials (ok): Only Lybic-specific credentials are required (LYBIC_ORG_ID, LYBIC_API_KEY); those are appropriate and proportionate to the skill's purpose. No unrelated secrets or system config paths are requested.
- Persistence & Privilege (ok): 'always' is false and the skill doesn't request to modify other skills or system-wide settings. Autonomous invocation is allowed (default) which is normal for skills; no elevated persistence was requested.
