Back to skill
Skillv1.0.0
ClawScan security
InspirAI Deploy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 15, 2026, 2:07 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's runtime instructions match a deployment tool (kubectl, docker, ssh, vercel, fly), but its metadata omits required binaries, environment variables, and config path requirements — the mismatch and unknown source warrant caution.
- Guidance
- This skill appears to be a legitimate deployment helper, but its metadata is incomplete and the source is unknown. Before installing or running it: (1) Review the full SKILL.md to see exactly what commands will run (kubectl, docker, ssh, helm, vercel, fly, git). (2) Understand that it will read project files (.env, package.json, helm/, Dockerfiles) and rely on kubeconfig and SSH keys — do not run it with elevated or production credentials until you audit it. (3) Because the metadata did not declare required binaries/env vars, ensure those tools and credentials exist and are restricted to the minimum necessary scope. (4) Prefer to run 'check' and inspect the generated .deploy.yaml and any suggested commands before approving a deploy. (5) If possible, ask the publisher for source code or a homepage; avoid trusting unknown-origin skills that operate on infrastructure until you can verify them.
- Findings
[regex-scan-empty] expected: No code files were present; the regex-based scanner had nothing to analyze. This is expected for an instruction-only skill, but it leaves the SKILL.md as the primary surface to review.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md describes a deploy tool for K8s/Helm, Docker Compose, Vercel, Fly.io and the instructions call expected CLIs (kubectl, docker, docker compose, git, ssh, vercel, fly, helm). However the registry metadata declares no required binaries, no env vars, and no config paths. This is inconsistent: a deploy skill legitimately needs those CLIs and access to kubeconfig/SSH/registry credentials, so the metadata omission is disproportionate and unexplained.
- Instruction Scope
- concernInstructions read many local/project files (.env, .env.{env}, package.json, go.mod, helm/, docker-compose.yml, vercel.json, fly.toml, justfile/Makefile, services/, .service-tags.json) and run commands that access remote systems (ssh, kubectl, docker manifest inspect, vercel/fly CLIs). The 'check' mode claims read-only, but the Run section (deploy) implies commands that will modify remote state (docker compose up, kubectl/helm apply/upgrade, ssh remote commands). The instructions also reference environment variables and CLI args (ENV, REGISTRY, NAMESPACE, KUBECTL_ARGS, DEPLOY_HOST, COMPONENTS) that are not declared in the skill metadata.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files — low install risk. Nothing will be written by an installer from an external URL. However runtime depends on local CLI tools which are not declared.
- Credentials
- concernThe skill metadata lists no required environment variables or primary credential, but the SKILL.md expects numerous env vars and access to credentials: registry credentials, kubeconfig context/credentials, SSH keys for remote hosts, and CLI auth state for vercel/fly. That mismatch is problematic because the skill will implicitly rely on these secrets without declaring them or explaining minimal privileges.
- Persistence & Privilege
- okalways:false and no install scripts are present. The skill does not request persistent/automatic inclusion. There is no evidence it modifies other skills or global agent config.