Skill v1.0.2
ClawScan security
Package Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 19, 2026, 3:45 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (packaging other skills) and do not request credentials or network access, but it performs destructive filesystem operations (moving/deleting other skill directories) so you should review and back up your skills before using it.
- Guidance: This skill is internally coherent and appears to do what it says, but it performs high-impact filesystem changes (copies, moves, and deletes of skill directories). Before installing or running it: 1) Review the two Python scripts yourself (they are included) to confirm behavior; 2) Back up your skills/ directory so you can recover accidentally removed skills; 3) Test on a copy of your skills directory or in an isolated environment; 4) Prefer running the CLI manually (python .../create.py ...) rather than allowing automated/unsupervised agent invocation; 5) Ensure you use only safe package and skill names (the scripts validate names, but avoid running with names you don't trust). No network or credentials are required by the tool.
Review Dimensions
- Purpose & Capability (ok): Name/description, SKILL.md instructions, and the included scripts all implement a skill-packaging tool: copying sub-skills into a package, generating pack.md, producing a package SKILL.md, and removing/restoring top-level skill directories. The requested capabilities (filesystem operations under the skills/ tree) are coherent with the stated purpose.
- Instruction Scope (note): SKILL.md instructs the agent/operator to read pack.md and individual SKILL.md files and to run the provided create/update scripts. The scripts explicitly remove the original top-level skill directories during 'create' and 'add' operations (shutil.rmtree/shutil.move). Reading and modifying SKILL.md and pack.md is expected, but the destructive removal of original directories is a significant action that the user should be aware of.
- Install Mechanism (ok): No install spec or third-party downloads; the skill is instruction-only with included Python scripts. Nothing is fetched from external URLs and no packages are installed automatically, which minimizes supply-chain risk.
- Credentials (ok): The skill requests no environment variables or credentials. It does, however, require read/write access to the local skills/ directory (calculated relative to the script location). That filesystem access is necessary for packaging work but is a privilege to consider.
- Persistence & Privilege (concern): Although always:false, the scripts change other skills on disk (copy, remove, and restore top-level skill directories). Modifying or deleting other skill directories is within the tool's purpose but is a high-impact operation — it can permanently remove top-level skills if used incorrectly, so exercising caution and backups is important.
