Skillv0.1.2

ClawScan security

Tdnet Disclosure Mcp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 15, 2026, 5:14 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose and runtime instructions are coherent, but it requires installing an external package with an unknown source/no homepage — installing arbitrary packages is the main remaining risk.
Guidance: This skill appears to do what it says, but it requires installing a third-party package (tdnet-disclosure-mcp) with no homepage or source listed. Before installing: (1) verify the package on a trusted registry (PyPI/GitHub) and inspect the source or release notes, (2) prefer packages with an authoritative homepage/repo and a maintainer history, (3) run the install and CLI in a sandbox or container if you must test it, and (4) review network behavior (which endpoints it contacts) and file system writes after install. If the publisher cannot provide a repository or verifiable provenance, treat the package as higher risk and avoid installing on sensitive systems.

Review Dimensions

Purpose & Capability: okName, description, and CLI usage all align: the skill is a thin wrapper around a tdnet-disclosure-mcp CLI that queries a public Yanoshin Web API mirror of TDNET data. Required binary matches the stated capability and no unrelated credentials or paths are requested.
Instruction Scope: okSKILL.md contains only CLI usage and install instructions for the tdnet-disclosure-mcp tool; it doesn't instruct the agent to read unrelated files, environment variables, or exfiltrate data to unexpected endpoints. It references the Yanoshin Web API (an external data source), which is appropriate for this purpose.
Install Mechanism: concernThe install spec is a uv-packaged tool (uv kind) and SKILL.md also suggests pip install. No homepage or source repository is provided and the package owner is unknown — installing an external package will download and run third-party code on the host. This is a moderate risk because the installer could contain unexpected behavior; the manifest gives no provenance (e.g., GitHub repo, PyPI link, or release host) to verify the package before install.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. The lack of secrets or unrelated env access is proportionate to a read-only disclosure-retrieval tool.
Persistence & Privilege: okalways is false and the skill does not request persistent system-wide privileges or to modify other skills' configurations. Installing the CLI will add a binary (expected for a tool), but there's no request for elevated privileges in the metadata.