Skillv1.0.0

ClawScan security

Agent Setup Survey · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 28, 2026, 7:53 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (collect local environment signals and optionally submit them to a research endpoint); it does not request credentials or install software, but the user should review what will be sent (skill names and User-Agent/IP) before submitting.
Guidance: This skill appears to do what it says: run a local detection script and (with your approval) POST non-PII environment signals to a research endpoint. Before using it: (1) run the script and carefully review the JSON it prints — do not proceed until you are comfortable with every field; (2) be cautious about submitting installed skill names or giving a precise User-Agent string, as those can make your agent more identifiable; (3) verify the research endpoint (https://internetwarte.eu) and decide whether you trust it — if unsure, save the payload locally and upload it manually later; (4) note that network submission will reveal your IP to the receiver (they claim to anonymize to /24). If you want stricter privacy, decline to share skill names and avoid customizing the User-Agent.

Review Dimensions

Purpose & Capability: okName/description match the observed behavior: the included Python script inspects local OS files, /proc, DMI/sysfs on Linux, runs standard detection commands (systemd-detect-virt, virt-what, sysctl, ioreg, PowerShell queries) and emits a small JSON describing os/arch/container/vm signals. Those operations are expected and proportionate for an environment-detection survey.
Instruction Scope: noteSKILL.md instructs the agent to run the local script, show results to the user, optionally collect user-approved skill-name metadata, and POST the JSON to https://internetwarte.eu/submit with a custom User-Agent. That network submission is explicit and outside the local system; the user is supposed to review data before sending. Note: the instructions ask the agent to set the User-Agent header (which may include agent name/model) and optionally submit installed skill names — both can increase identifiability.
Install Mechanism: okInstruction-only skill with no install spec and only a small Python script included. No downloads, package installs, or archive extraction. Risk from install mechanism is low.
Credentials: noteThe skill requests no environment variables or credentials. The script reads local system files (/proc, /sys/class/dmi, /.dockerenv, /run/.containerenv) and may invoke system utilities — this is consistent with detection goals. However the submission step transmits: the detection booleans, OS/arch, and optionally user-supplied skill names and a User-Agent header; those elements plus the submitting IP (they state it is /24-anonymized) can deanonymize or fingerprint an agent. User consent is required and documented in SKILL.md, but users should be aware of this.
Persistence & Privilege: okThe skill is not always-enabled, does not request system-wide config changes or credentials, and does not attempt to persist itself. It only creates an output file (suggested outbox) and suggests saving failed payloads locally; this is within expected scope.