Skill v1.0.0

ClawScan security

Divination · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 6, 2026, 11:53 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (random divination) matches its files and instructions, but it requires executing bundled shell scripts (whose full source was omitted from the provided listing) which raises a non-trivial risk; review those scripts before installing.
Guidance
This skill appears coherent for its stated purpose (true-random divination) and asks for nothing unusual in metadata, but it requires the agent to exec two bundled shell scripts. Before installing or allowing the agent to run them: (1) review the full contents of scripts/divine.sh and scripts/intuition.sh to confirm they only read local reference files and /dev/urandom and do not make network calls, read sensitive files, or export data; (2) verify the claimed card images actually exist in the package (SKILL.md references an images/ folder that is not listed in the file manifest); (3) if you cannot inspect the scripts yourself, run them in a sandboxed environment or deny exec permission — the skill's design depends on executing code shipped with it, and that code is the primary risk. If those checks look clean, the skill is reasonable for use; if the scripts include networking, shelling out to curl/wget, or reading home-directory files, treat it as unsafe.

Review Dimensions

Purpose & Capability
ok · Name/description (random card draws + poetic impulses) match the included reference decks and the presence of two shell scripts to perform random draws and generate interpretation impulses — these are coherent and proportionate to the stated purpose.
Instruction Scope
note · SKILL.md explicitly instructs the agent to run scripts via exec and to read bundled reference files; it does not ask for unrelated files, credentials, or external endpoints. However, SKILL.md mandates ALWAYS executing the provided scripts (and never improvising), which is reasonable for ensuring unbiased randomness but gives the skill full discretion to run arbitrary shell commands. The actual behavior depends entirely on the contents of scripts/divine.sh and scripts/intuition.sh — those script sources were omitted/truncated in the provided file contents, so their runtime actions are unknown.
Install Mechanism
ok · No install spec is present (instruction-only), so nothing will be downloaded or installed at install time. That minimizes supply-chain risk, but runtime exec of bundled scripts still executes code shipped with the skill.
Credentials
ok · No environment variables, credentials, or config paths are required or declared. SKILL.md cites only /dev/urandom for randomness. There is no apparent request for unrelated secrets or system access in the metadata or instructions.
Persistence & Privilege
ok · Flags show always:false and default autonomous invocation allowed. There is no request to modify other skills or platform settings. Autonomous invocation is normal; nothing here elevates persistence or privileges beyond expected behavior.