Skill v1.0.0

ClawScan security

codebase-onboarding · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 3:17 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions mostly match an onboarding purpose, but there are inconsistencies (examples referencing Notion/Confluence tokens that aren't declared) and it instructs running potentially impactful commands (migrations, docker compose, tests) without safeguards — review before use.
Guidance
This skill appears to do what it says (generate onboarding docs) but has some things to watch for before you use it:
- Treat publishing integrations as optional. The templates show NOTION_TOKEN and CONFLUENCE_TOKEN usage but the skill doesn't declare required env vars — only provide tokens if you trust the destination and understand what will be posted.
- Run analysis in an isolated environment (local dev container or ephemeral VM) to avoid accidentally running migrations against production databases or pulling live services when running docker compose or pnpm scripts.
- Review any commands that modify state (pnpm db:migrate, db:seed, docker compose up) and prefer read-only alternatives for initial runs (list files, grep, git log, static analysis) until you're confident about the environment variables being used.
- Inspect generated output before publishing it externally. If you plan to auto-publish, ensure the agent or environment has least privilege and a dedicated service account/token with limited scope.
- Because the skill's source is unknown and it lacks declared credential requirements, exercise extra caution: verify origin, and if possible test the workflow with dummy credentials and in a sandboxed repo first.

Review Dimensions

Purpose & Capability
Rating: note
The described goal (generate onboarding docs from a repo) matches the provided commands and templates: listing files, reading package.json, generating README content, and offering Notion/Confluence export examples. However, the SKILL.md includes code examples that rely on external credentials (NOTION_TOKEN, CONFLUENCE_TOKEN, ONBOARDING_PARENT_PAGE_ID) but the skill declares no required environment variables or primary credential, which is an inconsistency to be aware of.
Instruction Scope
Rating: concern
Runtime instructions instruct the agent to run many repository and system commands (find, grep, git log, run pnpm test:ci, docker compose up, pnpm db:migrate/db:seed). Those are reasonable for a hands-on onboarding workflow but are potentially impactful: running migrations or composing services could affect real infrastructure if environment variables point to non-local resources. The instructions also read source files (auth, schema) which may contain secrets — this is expected for code analysis but increases sensitivity.
Install Mechanism
Rating: ok
No install spec and no code files beyond documentation templates — lowest install risk. The skill is instruction-only so nothing new is written to disk by an installer step.
Credentials
Rating: concern
The SKILL.md references publishing to Notion and Confluence with example code that expects NOTION_TOKEN and CONFLUENCE_TOKEN, but the skill declares no required env vars. That mismatch could mislead users into providing credentials without clear guidance. The instructions also ask to copy/edit .env and 'ask a teammate or see Vault' — but offer no guardrails about which envs are safe to populate or how to ensure local resources are used rather than production systems.
Persistence & Privilege
Rating: ok
The skill is not always-enabled, does not request persistent presence, and does not modify other skills or system-wide settings. Autonomous invocation is allowed (default), which is normal, and should be considered together with other risks when deciding whether to enable autonomous runs.