Skill v1.1.0

ClawScan security

Delta Disclosure Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 25, 2026, 3:02 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared purpose (auditing delta disclosures) matches the resources it requests (curl and python3) and it is instruction-only with no credentials or install steps, but review the exact runtime instructions for any steps that fetch and execute publisher-supplied artifacts or untrusted keys.
Guidance
This skill is coherent with its stated goal and appears low-risk based on the metadata (no installs, no secrets). Before installing, review the full SKILL.md to confirm: (1) where it fetches public keys used for signature/chain-of-custody checks — prefer keys anchored to a trusted registry keyserver or registry-signed metadata rather than publisher-controlled URLs; (2) that it only fetches manifests/deltas and does not instruct the agent to download and execute arbitrary publisher-supplied scripts or archives; (3) the exact outbound endpoints it will contact (registry endpoints) so you can control egress or run the skill in a sandbox; and (4) how it treats incomplete or unsigned deltas (ensure it fails safe and does not auto-approve updates). If the SKILL.md contains commands that execute remote code or requests credentials, reconsider or run it in an isolated environment. My confidence is medium — I would raise to high if you confirm the SKILL.md never tells the agent to execute remote, publisher-supplied code and the verification keys are obtained from trusted, immutable sources.

Review Dimensions

Purpose & Capability
ok: The name and description describe auditing published deltas; requesting curl and python3 is consistent with fetching registry endpoints and parsing/verifying signed deltas. There are no unrelated binaries, env vars, or config paths declared.
Instruction Scope
note: The SKILL.md is an instruction-only runtime spec (no code files). The visible portions describe examining registries, parsing deltas, checking signatures and hash chains — all within scope. However, because the skill will instruct the agent to fetch remote manifests and likely to run python-based verification, you should inspect the full SKILL.md to confirm it does not direct the agent to execute arbitrary code downloaded from publisher-controlled URLs or to read unrelated local files. If the instructions tell the agent to run publisher-supplied scripts or to pull verification keys from untrusted endpoints, that would be a concern.
Install Mechanism
ok: No install specification and no code files, so the lowest disk/write impact. The skill relies on system-provided curl and python3 only, which is proportionate to its purpose.
Credentials
ok: No environment variables, credentials, or config paths are required. This is appropriate for a read-only auditor. One caveat: delta verification requires authoritative public keys or trusted registry metadata; if the instructions obtain keys from arbitrary publisher URLs (not a trusted keyserver or registry-signed record), that would reduce trustworthiness.
Persistence & Privilege
ok: always is false, agent invocation is allowed (default) and appropriate. The skill does not request persistent presence or cross-skill configuration changes in the declared metadata.