Skillv0.1.3

ClawScan security

Pypi Package Changelog Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 4:01 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, runtime instructions, and requested credential (optional GitHub token) are coherent with its stated purpose of generating PyPI package changelogs; no obvious misdirection or hidden exfiltration was found, though there are a few implementation and metadata inconsistencies to be aware of.
Guidance: This skill appears to do what it says: compare PyPI releases using PyPI APIs, GitHub compare when a public GitHub repo is present, and fall back to sdist archive diffs. Before installing or enabling it: (1) Prefer not to provide a GitHub token unless needed — if you do, inject it as GITHUB_TOKEN via the environment and use a short-lived, minimal read-only token. (2) Ensure the agent runtime is Python 3.12+ (the wrapper enforces this at runtime). (3) Review whether you are comfortable the bundled code will make network requests to pypi.org and api.github.com and will extract source archives locally. (4) Note the minor metadata inconsistency: the registry says no required env vars but the skill declares GITHUB_TOKEN as primary; this token is optional per the SKILL.md. (5) If you need absolute assurance, inspect the included source files (they are bundled) or run the tool in an isolated environment before granting tokens.

Review Dimensions

Purpose & Capability: okName/description match the code: the package queries PyPI for releases, optionally uses the GitHub API to compare tags/commits, and falls back to sdist archive diffs. Required binary (python3) and optional GITHUB_TOKEN align with these behaviors.
Instruction Scope: okSKILL.md instructs the agent to run the included scripts/invoke.py, supply package + version parameters, and (optionally) inject GITHUB_TOKEN via an environment variable. The instructions explicitly limit token use to GitHub API calls and warn against echoing or leaking it. The proactive selection guidance (call this skill when user intent matches) is broad but consistent with expected behavior.
Install Mechanism: noteThere is no separate install spec (no external downloads), and the skill bundles Python code that the agent will run directly. This is lower-risk than remote installers, but note the bundle includes many vendored packaging modules and archive-diff logic that will be executed locally when invoked.
Credentials: noteThe skill uses an optional GITHUB_TOKEN for GitHub API requests, which is proportionate to the stated purpose. Minor inconsistency: top-level registry metadata lists "Required env vars: none" while a primary credential (GITHUB_TOKEN) is declared — the token is optional per SKILL.md but appears as the skill's primaryEnv. Recommend only providing a minimal, read-only, short-lived token (or none).
Persistence & Privilege: okalways:false and the skill does not request system-wide persistence or modify other skills. It will run included Python code on demand and does not attempt to change agent configuration beyond using an injected env var.