Skill v0.1.1
ClawScan security
Manage Teams · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 11:41 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, required tools, and scope align with its stated purpose of managing OpenAnt teams; it is an instruction-only wrapper around the OpenAnt CLI and does not request unrelated credentials or system access.
- Guidance: This skill is a thin instruction wrapper around the OpenAnt CLI and appears internally consistent. Before installing or using it: (1) confirm you trust the npm package @openant-ai/cli (npx will fetch and execute it at runtime); prefer pinning a version instead of @latest for auditability; (2) be aware that team deletion and member removal are destructive — the skill already asks for confirmation, but you should double-check prompts; (3) ensure your OpenAnt authentication (handled by authenticate-openant) is stored and used securely and that the agent only performs actions you explicitly approve.
Review Dimensions
- Purpose & Capability (ok): The name/description match the runtime instructions: all commands are calls to the @openant-ai CLI (teams list/get/create/join/add-member/remove-member/delete). Nothing in the SKILL.md asks for unrelated capabilities (no cloud provider creds, no other service tokens).
- Instruction Scope (ok): Instructions are narrowly scoped to running the OpenAnt CLI with --json and handling team operations. The document explicitly delegates authentication to an authenticate-openant skill and instructs confirmation for destructive actions. It does not instruct reading arbitrary files, system state, or exfiltrating data.
- Install Mechanism (note): No install spec or code files are present (instruction-only). However, the skill relies on npx @openant-ai/cli@latest which will download and execute a package from the npm registry at runtime — this is expected for invoking a CLI but does run remote code transiently. Consider pinning a specific version rather than @latest if you want reproducibility/auditing.
- Credentials (ok): The skill declares no required environment variables or credentials. Authentication is handled implicitly by the OpenAnt CLI (the skill points to an authenticate-openant skill). There are no unrelated secrets or config paths requested.
- Persistence & Privilege (ok): The skill is user-invocable, not always-enabled, and does not request elevated platform privileges or attempt to modify other skills or system-wide settings.
