ELPA
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to do what it claims, but execute mode runs local training commands from your config, so only use trusted configs and training code.
This skill is reasonable for orchestrating your own forecasting training jobs. Before installing or using it, understand that --execute runs the command strings from your config on your machine. Start with the documented dry run, review the manifest carefully, run only trusted training code, and use an environment without unnecessary secrets.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you run the orchestrator with --execute, commands from the training config can modify files, consume compute resources, or perform any action available to your local user account.
In execute mode, the script runs the rendered train_cmd through the local shell. This is disclosed and central to the skill's purpose, but it is broad authority: an unsafe config or unquoted placeholder value could run unintended local commands.
completed = subprocess.run(
    item["train_cmd"],
    shell=True,

Use the dry-run output first, inspect every rendered command, and only execute configs and training entrypoints you trust. Avoid shell metacharacters in paths, and prefer safer argument-list execution if adapting the script.
Untrusted training code launched by this skill could access environment variables available in the shell where you run it.
Child training commands inherit the current process environment and any model-specific environment variables. This is typical for launching training jobs, but it means those jobs may see local environment variables such as tokens or service configuration.
env = os.environ.copy()
env.update(item.get("env", {}))

Run it in a least-privilege environment, remove unnecessary secrets from the environment before execution, and only point train_cmd at trusted codebases.
