Skillv0.1.2

ClawScan security

Accept Task · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 1, 2026, 10:26 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and requirements match its stated purpose (using the OpenAnt CLI to accept or apply for tasks); it is instruction-only and does not request unrelated credentials, but it relies on npx to fetch/execute a remote CLI and encourages immediate acceptance without extra confirmations.
Guidance: This skill appears coherent for accepting/applying to tasks on OpenAnt, but consider the following before installing: (1) The skill runs npx @openant-ai/cli@latest which downloads and executes code from the npm registry — if you care about supply-chain safety, prefer a pinned version or inspect the CLI source first. (2) The SKILL.md encourages immediate acceptance with 'No confirmation needed' — make sure you (or the agent policy) only call this after explicit user approval, since accepting a task can commit your account. (3) The skill delegates authentication to an 'authenticate-openant' skill; review how that handles credentials. If you expect safer behavior, request confirmation steps or version-pinning for the CLI.

Purpose & Capability: okName, description, and allowed tools all point to using the OpenAnt CLI to accept or apply for tasks. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope: noteInstructions are narrowly scoped to calling the OpenAnt CLI (status, tasks get, accept, apply). However the SKILL.md explicitly says to execute immediately when the user asks the agent to find and take work and 'No confirmation needed' — this can cause irreversible account-side actions (accepting assignments) if the agent runs autonomously. The skill does not instruct reading unrelated files or env vars.
Install Mechanism: noteInstruction-only (no install spec) but relies on npx @openant-ai/cli@latest at runtime. That will fetch and execute code from the npm registry (supply-chain risk compared with a pinned or audited binary). This is expected for a CLI-driven skill but worth noting.
Credentials: okThe skill declares no required environment variables or credentials. It references an external 'authenticate-openant' skill for auth; the current skill does not request unrelated secrets.
Persistence & Privilege: okalways:false and no install or config writes are present. The skill does not request permanent presence or access to other skills' configs. The main concern is the guidance to act immediately without confirmation.