Skill v0.1.0
ClawScan security
Monitor Tasks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 11:42 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions, required tools, and scope align with its stated purpose (monitoring OpenAnt tasks/notifications/stats); the main caution is that it runs npx @openant-ai/cli@latest (pulling code from npm) which is a supply‑chain/runtime risk and the skill autonomously recommends executing commands without confirmation.
- Guidance: This skill appears coherent for monitoring OpenAnt activity. Before installing/using it, confirm you trust the @openant-ai/cli npm package (npx will download and execute code at runtime, and @latest can change over time). If you prefer less risk, ask the skill author to pin a specific CLI version or preinstall an audited binary. Be aware that 'notifications read-all' changes server state (it marks items read) and 'watch' may create subscriptions; if you want manual control, avoid automatic execution of state-changing commands. Finally, authenticate using the recommended authenticate-openant skill so the CLI behaves as expected.
Review Dimensions
- Purpose & Capability (ok): Name/description match the runtime instructions: all declared commands are about checking status, notifications, tasks, stats, watch, and wallet balance on the OpenAnt platform. The commands requested (npx @openant-ai/cli) are what you'd expect for a platform-monitoring skill.
- Instruction Scope (note): SKILL.md instructs the agent to run only OpenAnt CLI commands and to always append --json. It explicitly marks most commands as read-only and notes the single modifying command (notifications read-all). It does not instruct reading local files, environment variables, or unrelated system state. Note: 'execute immediately without user confirmation' increases autonomy — understandable for monitoring but worth user awareness.
- Install Mechanism (concern): The skill is instruction-only (no install spec) but the allowed-tools invoke npx @openant-ai/cli@latest. npx downloads and runs code from the npm registry at runtime; using the @latest tag means the exact code may change over time. This is an expected pattern for CLI usage but does present a supply-chain/runtime execution risk compared with a pinned release or preinstalled, audited binary.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. The data accessed by commands (notifications, tasks, wallet balance) is appropriate for the stated monitoring purpose.
- Persistence & Privilege (ok): always:false and no installs or config modifications are requested. Model invocation is enabled (normal). The skill does not request permanent presence or modify other skills' configuration.
