Skill v0.1.0
ClawScan security
My Tasks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 11:42 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are coherent with a read-only “view my tasks” helper, but it relies on running npx to fetch and execute a remote CLI and is written to run commands immediately without additional confirmation — so review the remote package trust before use.
- Guidance: This skill appears to do what it says: read-only queries of your OpenAnt tasks. Before installing/using it, consider:
  1) npx @openant-ai/cli@latest will download and run code from npm each time — only run it if you trust the @openant-ai/cli package and its publisher; prefer a pinned version/checksum if possible.
  2) The skill is written to execute commands immediately (no extra confirmation). If you want tighter control, run the CLI commands manually first to verify output and authentication.
  3) Ensure the authenticate-openant skill (or whatever you use to sign in) is trustworthy, since --mine queries depend on your session token.

  If any of these points worry you, run the CLI locally yourself instead of allowing autonomous execution.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actions in SKILL.md: all commands are read-only queries against the user's own tasks (e.g., tasks list --mine, tasks get). There are no unrelated credentials, binaries, or filesystem accesses requested.
- Instruction Scope (note): Instructions stay within the stated purpose (viewing a user's tasks) and explicitly require authentication. They do instruct the agent to run shell commands (npx @openant-ai/cli@latest ...) and to always append --json. The SKILL.md also directs the agent to execute immediately without user confirmation, which is a behavioral choice that expands the agent's autonomy and should be considered by the user.
- Install Mechanism (note): No install spec is provided (instruction-only), but all commands use npx @openant-ai/cli@latest. Running these commands will cause npx to fetch and execute a package from the npm registry at runtime. That is expected for a CLI-based skill, but it does mean remote code is executed dynamically and the skill does not provide a pinned version or checksum.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. It correctly instructs the agent to verify authentication via the CLI status output before running --mine queries. No unrelated secrets are requested.
- Persistence & Privilege (concern): The skill is not always-enabled, and model invocation is allowed (normal); however, the SKILL.md explicitly states that commands are to be executed immediately without user confirmation. Combined with dynamic npx execution, this increases the potential blast radius if the fetched CLI or its network interactions are malicious or compromised.
