Skill v0.1.0
ClawScan security
Blackbox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 3:03 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The SKILL.md expects the Blackbox CLI, Node.js, and a Blackbox API key, and even uses gh/git commands, but the registry metadata does not declare those binaries or credentials. This mismatch, together with the instruction to run arbitrary shell actions, is an inconsistency that warrants caution.
- Guidance: This skill's instructions will install and run the Blackbox CLI, require a Blackbox API key, and ask the agent to run arbitrary shell commands (git, npm, gh, cloning repositories, executing code). Before installing or invoking it: (1) verify you trust the Blackbox CLI source (GitHub repo and npm package) and prefer installing that CLI yourself instead of letting the agent do it automatically; (2) do not provide secrets (API keys) unless you trust the skill and understand where they will be stored; (3) run the agent in a sandbox or isolated workdir (container, VM, or temp dir) to avoid unintended code execution on important projects; (4) note that the SKILL.md and registry metadata disagree, and ask the author to update registry fields to declare required binaries and credentials (Node.js, @blackboxai/cli, Blackbox API key, optionally GitHub CLI) before proceeding.
Review Dimensions
- Purpose & Capability
- concern: The skill's stated purpose (delegate coding tasks to the Blackbox CLI) is plausible, but the registry metadata lists no required binaries or credentials while the SKILL.md clearly requires Node.js, the @blackboxai/cli, and a Blackbox API key (and implicitly the GitHub CLI for the PR example). The declared requirements in the registry do not align with what the instructions actually need.
- Instruction Scope
- note: The SKILL.md instructs the agent to run shell commands (npm install -g, git clone, mktemp, git/gh operations), start interactive and background CLI sessions, clone arbitrary repositories, and run the Blackbox agent against project code. Those actions match the coding-agent purpose but grant the agent the ability to download, modify, and execute code in arbitrary workdirs; the instructions do not constrain or sandbox that behavior.
- Install Mechanism
- note: There is no install spec in the registry (instruction-only), but the runtime instructions explicitly tell the agent to install the CLI via npm or from a GitHub repo. Installing a global npm package or cloning/executing code from GitHub is higher-risk than a pure instruction-only skill and should be acknowledged by the metadata; the absence of an install declaration is an inconsistency.
- Credentials
- concern: SKILL.md requires a Blackbox API key (and suggests running `blackbox configure`) but the registry lists no required environment variables or primary credential. The PR review example uses `gh pr checkout`, which implies a need for the GitHub CLI and auth, but those are not declared either. Required credentials and tools are not proportionately or transparently declared.
- Persistence & Privilege
- ok: The skill does not request forced persistence (always: false) and does not attempt to modify other skills or system-wide agent settings in the instructions. Background sessions and process polling are part of normal agent operation and are documented in the SKILL.md.
