Skill v1.1.2
ClawScan security
CS Relogin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 5:25 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, requested resources, and purpose (switching a local OpenAI/Codex account via the local cs CLI) are internally consistent and proportional.
- Guidance: This skill is coherent: it simply automates calls to your local `cs` CLI to switch/relogin Codex accounts. Before using it, ensure you trust the local `cs` binary and the environment where the agent runs. Do not paste full callback URLs or tokens into chat unless you understand they may be used as command arguments (these can appear in process lists or stderr). If you're uncomfortable, run `cs relogin` and the callback completion manually in a terminal instead of via the agent. If the agent reports raw stderr on failure, inspect it locally before sharing to avoid accidental secret disclosure.
Review Dimensions
- Purpose & Capability (ok): Name/description match the runtime instructions: the skill only tells the agent to run the local `cs` command for relogin, status, and callback completion. It declares no unrelated env vars, binaries, or installs.
- Instruction Scope (note): Instructions are narrowly scoped to invoking `cs relogin`, `cs relogin "<callback>"`, and `cs status`. However, the skill explicitly instructs the agent to include raw cs stderr on failures and to accept/paste callback URLs. Those actions are necessary for relogin but can expose sensitive tokens if the callback URL or stderr contain secrets; the SKILL.md does include a rule to never expose full tokens, but returning raw stderr may still leak sensitive data in some cases.
- Install Mechanism (ok): Instruction-only skill with no install steps and no code files — nothing is written to disk by the skill itself.
- Credentials (note): The skill requests no environment variables or credentials, and only uses the local `cs` CLI. This is proportionate. Caveat: completing OAuth requires pasting a callback URL (which can contain tokens) as a command argument; placing secrets on the command line or returning raw stderr can expose them to local process listings or chat outputs.
- Persistence & Privilege (ok): `always` is false and there is no requested permanent presence or modification of other skills or global config. The skill runs only on explicit invocation or normal autonomous invocation rules.
