Skill v1.0.0
ClawScan security
Attestation Root Diversity Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 22, 2026, 9:56 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (measuring attestation root diversity) aligns with its instructions and requirements; it is an instruction-only analyzer that may fetch attestation metadata using curl/python3 but does not request unrelated credentials or install additional software.
- Guidance
- This skill looks internally consistent: it analyzes attestation graphs and reasonably needs curl/python3 to fetch and process metadata. Before installing, consider:
  1) Source provenance — the skill's source/homepage is unknown; prefer skills with a traceable source.
  2) Network fetches — the skill implies using curl to pull attestation data; confirm which endpoints the agent will query and run it in a network-isolated environment if you have strict policies.
  3) Private attestations — the skill does not request credentials; if you supply private attestation data or credentials to analyze private graphs, do so only after verifying the environment.
  4) Autonomy — the skill can be invoked by the agent automatically (platform default), so check agent policies if you want to restrict autonomous network access.
  If you want higher assurance, ask the publisher for a sample of the exact curl/python commands or a small vetted parser implementation before enabling the skill in production.
Review Dimensions
- Purpose & Capability
- ok
- The skill's name and description match the operations described in SKILL.md: parsing attestation graphs, computing concentration metrics, and producing a diversity verdict. Required binaries (curl, python3) are reasonable for fetching and processing attestation metadata. No unrelated credentials, config paths, or heavy dependencies are requested.
- Instruction Scope
- note
- SKILL.md is focused on analyzing trust graphs and gives examples; it does not instruct the agent to read arbitrary local files or secret env vars. However, because the skill is instruction-only and lists curl/python3 as required, the runtime behavior implies network fetches of attestation metadata (via curl) and local processing (via python3). SKILL.md does not enumerate specific endpoints to contact or include code, so you should expect the agent to fetch whatever URLs are supplied by user input or discovered from the skill registry.
- Install Mechanism
- ok
- There is no install spec and no code files. This is the lowest-risk form: nothing is written to disk by an installer. The skill relies on existing system binaries only.
- Credentials
- ok
- The skill declares no environment variables, no credentials, and no config paths. That is proportionate to its stated purpose. If you plan to analyze attestations that are behind authenticated endpoints, those credentials would need to be provided externally (the skill does not request them).
- Persistence & Privilege
- ok
- The skill's always flag is false, and the skill does not request persistent system changes or privileges. Autonomous invocation is allowed (platform default), which is appropriate for a tool that performs analyses on demand.
