Skill v1.0.0

ClawScan security

Publisher Identity Verifier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 8:06 AM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini

Summary
The skill's declared purpose (verifying publisher identity) is coherent with its requirements (curl, python3) and it is instruction-only, but the SKILL.md is high-level and the skill itself lacks provenance, which warrants caution.
Guidance
This SKILL.md is an instruction-only guidance tool and appears internally consistent, but before installing:
1) Note the skill has no homepage and the publisher cannot be verified — you are trusting an unverifiable verifier.
2) Because the instructions are open-ended, ensure the agent enforces network/rate limits and legal/ToS policies to avoid aggressive scraping or unintended data collection.
3) Prefer running this skill in a restricted/sandboxed agent (limited outbound network access) until you confirm its behavior.
4) Ask the publisher for an implementation or audited code (or a documented list of endpoints the skill will query) if you need stronger assurance.
5) Treat its outputs as advisory signals — manually verify high-impact findings (e.g., alleged key rotations or impersonation) before acting.

Review Dimensions

Purpose & Capability
note: The name/description align with the requested primitives: web queries and simple analysis (curl + python3) are reasonable for cross-platform identity checks. However, the skill package has no homepage and an unknown source/owner ID; a tool that audits identity while having no verifiable provenance is a modest concern because you cannot independently vet who produced the verifier.
Instruction Scope
note: SKILL.md contains a clear, high-level checklist (publication history, key rotation, homoglyph detection, cross-platform correlation). It does not include any instructions to access local files or secrets. It is open-ended about what platforms to query and how aggressively to crawl — this grants broad discretion to the agent and could lead to extensive data collection, scraping, or contacting many third-party endpoints unless the runtime agent enforces limits and policies.
Install Mechanism
ok: No install spec or code is provided (instruction-only). That minimizes installation risk because nothing is written to disk by the skill itself. Required binaries (curl, python3) are common and proportional to the described tasks.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. That is appropriate for a tool that examines public identity signals; there is no unexplained secret or elevated access request.
Persistence & Privilege
ok: Defaults are used (no always:true). The skill is user-invocable and can be invoked autonomously per platform defaults; that is expected for a utility skill. There is no request to modify other skills or persist credentials.