Skill v1.0.0
ClawScan security
Build · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 7:01 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's claims are very broad (code, infrastructure, hardware, org creation) but the instructions are only high-level prose and declare no required tools, credentials, or concrete steps — this mismatch and the extreme vagueness mean it could cause the agent to take broad, uncontrolled actions if allowed to run autonomously.
- Guidance: This skill is conceptually broad but contains no concrete steps, tools, or declared permissions — that gap is the main risk. Before installing, ask the publisher for: (1) a clear list of actions the skill will take at runtime, (2) any external services/endpoints it will call and why, (3) what credentials or files it requires, and (4) an explicit consent/confirmation policy for high-impact actions (provisioning infra, accessing cloud accounts, writing files). If you plan to enable autonomous invocation, restrict the agent's access to secrets and require manual approval for any infrastructure- or account-changing operations. If you don't get concrete answers, treat this as an advisory/template only and avoid giving it access to cloud credentials or system-level privileges.
Review Dimensions
- Purpose & Capability (concern): The name/description promise automated construction across software, infrastructure, hardware, and organizations. Yet the skill declares no binaries, no install, and no credentials. Real provisioning or hardware synthesis normally requires concrete tools and service credentials (cloud APIs, build toolchains, CAD tools), so the capability claims are disproportionate to the declared requirements and therefore incoherent.
- Instruction Scope (concern): SKILL.md contains only high-level conceptual text and no concrete runtime instructions, commands, endpoints, or constraints. That vagueness grants the agent broad discretion ("do whatever is needed to build X") which is explicitly flagged by policy as risky: open-ended instructions can lead to reading unrelated data, contacting unknown endpoints, or taking unexpected actions.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. This minimizes supply-chain and disk-write risk (nothing downloaded or installed by the skill itself).
- Credentials (note): The skill requests no environment variables or credentials (low immediate credential risk). However, given the promised capabilities, a legitimate implementation would typically require cloud/service credentials and tool access — the absence of declared credentials is a mismatch that merits caution.
- Persistence & Privilege (ok): always is false and there is no install-time persistence. The skill can be invoked autonomously by the agent (platform default). Because the skill is vague and overbroad, autonomous invocation increases operational risk, but autonomous invocation alone is expected and not a direct misconfiguration here.
