Skillv1.0.1

ClawScan security

RunPod pod management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 9:22 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions match its stated purpose (managing RunPod pods and mounting pod filesystems), but the package metadata omits some practical dependencies and there are minor portability/usability issues you should be aware of before installing.
Guidance: What to check before installing: 1) This skill expects runpodctl, ssh, sshfs (FUSE) and a RunPod API key — the registry metadata doesn't list those binaries, so make sure you have them and trust runpodctl's source. 2) The mount script will read your SSH private key (from ~/.runpod/ssh/ or a path you set via RUNPOD_SSH_KEY) and write a known_hosts file under ~/.runpod/ssh/; mounting gives the remote root filesystem access to your local mountpoint — only mount pods you trust. 3) The script parses runpodctl output using grep -P (Perl regex); this may be non-portable on some systems (macOS grep may not support -P). 4) Host key handling uses StrictHostKeyChecking=accept-new (it will accept new host keys automatically and store them in the skill’s known_hosts file) — be aware of the security tradeoff. If you’re comfortable with these points and trust RunPod/runpodctl, the skill appears coherent. If unsure, inspect runpodctl and run the mount script in a sandboxed environment first.

Review Dimensions

Purpose & Capability: noteThe skill is focused on RunPod pod lifecycle and SSH/SSHFS mounting. The SKILL.md and the mount script implement that functionality (calling runpodctl, using SSH keys, sshfs). However, the registry metadata declares no required binaries/env vars even though the instructions require runpodctl, ssh, and sshfs/fusermount; this appears to be an oversight rather than malicious mismatch.
Instruction Scope: noteInstructions are limited to RunPod operations: installing runpodctl, configuring an API key via runpodctl, managing SSH keys, and mounting pods via the included script. The script reads/writes SSH key and known_hosts files under ~/.runpod or ~/.ssh (expected for SSH/sshfs). It does parse runpodctl output (grep -oP) which is brittle and may fail on systems where grep lacks -P support; otherwise there is no scope creep (no unrelated system-wide reads or exfil endpoints).
Install Mechanism: okThis is an instruction-only skill with a small helper script; there is no install spec or remote download, so nothing arbitrary is written to disk by an installer. The included shell script is the only code and its behavior is visible.
Credentials: noteThe skill declares no required environment variables or credentials, but the SKILL.md asks users to run 'runpodctl config --apiKey' (so an API key is required for RunPod use) and documents optional env vars RUNPOD_SSH_KEY and RUNPOD_KNOWN_HOSTS used by the script. The lack of declared required creds in metadata is a minor inconsistency but not an indication of hidden credential access.
Persistence & Privilege: okThe skill does not request permanent always-on inclusion and does not modify other skills or system-wide agent settings. The script will create directories under your home and write a per-skill known_hosts file (expected for SSH/sshfs usage).