Skill v1.2.0
ClawScan security
GPU CLI: Remote GPU Compute for ML Training and Inference · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 6:24 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, runtime instructions, and requested permissions are coherent with its stated purpose of safely wrapping a local 'gpu' CLI; nothing requested is disproportionate or unexplained.
- Guidance
- This skill appears to do exactly what it says: run the local 'gpu' CLI through a guarded wrapper. Before installing/using it: 1) review and keep dry-run on until you trust it (SKILL_DRY_RUN=true); 2) don't set SKILL_CONFIRM=yes unless you understand the cost implications (it can start paid pods via your provider); 3) verify and install the 'gpu' binary from a trusted source (the runner prints a curl | sh URL—treat that like any remote installer and inspect it first); 4) be aware the wrapper delegates networking and auth to the gpu binary, so you should audit/confirm that binary and its credentials separately; 5) if you rely on complex argument parsing, test edge cases (quoting, unusual gpu-type strings) because the script uses simple text parsing and fallbacks that may be brittle.
Review Dimensions
- Purpose & Capability
- ok: The skill claims to run the local 'gpu' binary with guardrails and the bundle contains a wrapper (runner.sh), tests, docs, and a manifest matching that goal. It does not request unrelated credentials, binaries, or network permissions.
- Instruction Scope
- note: SKILL.md restricts allowed tools to the bundled runner and read-only access; runner.sh enforces a prefix and subcommand allowlist, a metacharacter blocklist, dry-run/confirmation gates, price/runtime caps, and direct exec of the gpu binary. This stays inside the stated scope. Minor note: some parsing (sed/grep/jq fallbacks and read -ra splitting) is best-effort and brittle in edge cases; this is a robustness concern, not evidence of malicious behavior.
- Install Mechanism
- ok: No install spec is provided (instruction-only), so nothing is downloaded or written by the skill itself. The runner.sh prints a suggested install command for the external 'gpu' binary (a curl | sh URL) only in an error message; that is not executed by the skill but is a user-visible suggestion you should verify before running.
- Credentials
- ok: The skill does not request secrets or external service credentials. It exposes configuration via SKILL_* env vars (dry-run, caps, confirm, etc.) which are reasonable for this wrapper. It delegates networking and auth to the user-installed 'gpu' CLI, which is expected for this purpose.
- Persistence & Privilege
- ok: The skill is not always-on and does not request elevated privileges or system-wide config changes. It may invoke 'gpu daemon start' via the gpu binary (to remediate transient errors), which can create background processes; this behavior is consistent with managing GPU jobs and is attributable to the gpu CLI rather than the skill itself.
