Skill v0.1.0
ClawScan security
Send Message · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 2:19 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are coherent with its purpose (sending/reading OpenAnt DMs) and do not ask for unrelated credentials or risky side-effects, though it relies on running an external npm CLI at runtime which you should verify before use.
- Guidance: This skill is coherent for messaging on OpenAnt. Before installing/using it: 1) verify the @openant-ai/cli package (owner, source, and consider pinning to a specific version instead of @latest) because npx will download and execute the package at runtime; 2) confirm how your OpenAnt credentials are stored on the host and that you trust the CLI to use them; 3) optionally try the commands in a controlled environment or inspect the CLI source first; and 4) review the referenced authenticate-openant skill if you are not already authenticated.
Review Dimensions
- Purpose & Capability (ok): Name, description, and runtime instructions all consistently target sending and receiving direct messages on OpenAnt using the @openant-ai CLI. Nothing requested (no env vars, no config paths) is unrelated to messaging.
- Instruction Scope (ok): SKILL.md stays on-topic: it instructs checking auth, listing notifications, reading conversations, sending messages, and marking notifications read. It does not instruct reading unrelated files or exfiltrating data to external endpoints.
- Install Mechanism (note): There is no install spec (instruction-only), but every command uses `npx @openant-ai/cli@latest` which will fetch and run code from the npm registry at runtime. That is reasonable for using a CLI client, but it means arbitrary code from the specified npm package will be executed when invoked — consider pinning a specific version or verifying the package's provenance.
- Credentials (ok): The skill declares no required environment variables or credentials. The CLI will use whatever authentication the user's OpenAnt client provides, which is proportional to the task. The instructions do not request unrelated secrets.
- Persistence & Privilege (ok): Skill is user-invocable, not always-included, and allows model invocation (normal). It does not request persistent system-wide changes or modify other skills' configs.
