Skill v0.5.3
ClawScan security
SecureVibes Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 2:23 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, wrappers, and runtime instructions are coherent with an AI-powered scanner that calls a separate 'securevibes' CLI and Anthropic/Claude for analysis; nothing in the bundle appears to demand unrelated credentials or perform unexpected exfiltration, but I could not fully verify the truncated portions of the long Python file so review of the full source and the external 'securevibes' CLI is recommended before use.
- Guidance
- This skill appears to be what it says: a wrapper around a third-party 'securevibes' CLI that runs scans (using Anthropic/Claude). Before installing or scheduling it, do the following: 1) Review the full ops/incremental_scan.py source (the provided listing was truncated in places) to confirm there are no unexpected network calls or obfuscated logic. 2) Inspect and vet the 'securevibes' CLI (pipx/pypi package) because that binary performs the actual scanning and will likely send code to Anthropic; verify its privacy/data-retention policy. 3) Only point scans at repositories you own or are allowed to test — scanning will read repository contents and may transmit code to Anthropic. 4) Prefer running an initial full scan manually to validate behavior and outputs before enabling cron/automation. 5) Keep ANTHROPIC credentials under your control (use service accounts or scoped keys where possible) and understand whether OAuth or API keys are used in your environment. If you want higher assurance, run the securevibes CLI in an isolated environment and inspect network traffic to confirm where scan data is sent.
Review Dimensions
- Purpose & Capability
- ok: The name and description claim an AI-based security scanner that uses Claude/Anthropic and supports full and incremental scans. The bundled wrapper scripts and an incremental scanner are exactly what you would expect for that functionality. The skill requests no unrelated system credentials, and no binaries beyond git and the 'securevibes' CLI, both of which are appropriate for scanning and git-based incremental checks.
- Instruction Scope
- note: SKILL.md instructs running local scans, scheduling cron jobs, using the scripts/scan.sh wrapper, and having the incremental scanner update and read state files under the target repo's .securevibes/ directory, all consistent with the stated function. It also instructs the agent/subagent to 'cd' into the repo and run git pull, which is normal for incremental scanning but gives the skill access to repository contents (including any sensitive files in the repo). The SKILL.md references ANTHROPIC_API_KEY (optional) and OAuth; these are expected because analysis uses Claude. Overall scope stays within scanning behavior, but users should note that scans will cause code to be processed (and, via the securevibes CLI, likely sent to Anthropic), so do not point it at repos you cannot disclose.
- Install Mechanism
- ok: No install spec in the registry bundle; the skill is instructions plus scripts that call an external 'securevibes' CLI. The README recommends pipx install securevibes (a reasonable distribution method) and the scripts check for the binary. There are no remote downloads or archives embedded in the install spec, which reduces installer risk. The only external software required is the third-party 'securevibes' package, which should be reviewed separately.
- Credentials
- note: The registry metadata declares no required env vars, and the skill itself does not demand unrelated credentials. SKILL.md and the scripts reference ANTHROPIC_API_KEY (optional) or OAuth for Anthropic/Claude access, which is proportionate because the scanner uses Claude. Users should be aware that leaving ANTHROPIC_API_KEY unset makes the scan rely on an OAuth session, which may not exist in every environment (for example, an unattended cron run); the securevibes CLI and Anthropic access are the only external auth surfaces mentioned.
- Persistence & Privilege
- ok: always:false and normal autonomous invocation. The skill writes state and logs into the target repository under .securevibes/ (expected for incremental scans). It does not request persistent, cross-skill privileges or modify other skills' configuration. Cron scheduling is suggested but not enforced by the registry metadata.
