Skill v1.1.0

ClawScan security

AppStore Rating Pulse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 19, 2026, 2:02 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it says: a small bash script queries Apple's iTunes Lookup API and formats ratings; nothing in the files requests secrets or accesses unrelated system data, though the metadata omits a couple of real binary dependencies.
Guidance
This skill appears to be what it claims: a small script that hits Apple's iTunes Lookup API and prints formatted ratings. Before installing, verify the runtime environment has bash, curl and python3 available (the metadata currently omits those dependencies). Run the script manually first to confirm output and that network access is acceptable. If you enable a cron job or allow autonomous agent runs, place the job in an isolated session as suggested and ensure no sensitive environment variables are exposed to that session. No API keys or credentials are requested by this skill.

Review Dimensions

Purpose & Capability
note: The skill's name, description, SKILL.md, and included script are consistent: they fetch App Store ratings via Apple's iTunes Lookup API. However, the package metadata claims no required binaries while the script actually depends on bash (obvious), curl and python3 at runtime. This is a minor incoherence in declared requirements (they are needed and reasonable for the stated purpose).
Instruction Scope
ok: SKILL.md instructs the agent to edit and run the provided script and optionally schedule a cron job. The instructions stay on-task (fetching ratings, formatting output). The script only performs network calls to itunes.apple.com and does not read arbitrary files or environment variables beyond an optional TZ for date display. The cron guidance suggests running in an isolated session and announcing output; that's a reasonable delivery mechanism but is an operational choice, not hidden behavior.
Install Mechanism
ok: No install spec is provided and the skill is instruction-only with a small script—this is the lowest-risk model. Nothing is downloaded or installed by the skill itself.
Credentials
ok: The skill requests no credentials or config paths. The script uses TZ optionally for date formatting but otherwise does not read or transmit secrets. The absence of required env vars is coherent with the described functionality.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated privileges or modify other skills or system-wide settings. It recommends (but does not implement) a user-controlled cron job; installing such a cron job would be a user decision.