Back to skill
Skillv0.1.0
ClawScan security
Team Task Dispatch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 4:34 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements are consistent with coordinating OpenAnt team subtasks; it is instruction-only and requests no unrelated credentials or installs, but it directs immediate, state-changing actions without confirmation and assumes npx/CLI availability which you should review before installing.
- Guidance
- This skill appears to do what it says: run the OpenAnt CLI to manage subtasks. Before installing or enabling it, check these points: (1) Ensure the environment has npx/node and that you are comfortable allowing the skill to call npx (which will fetch the CLI package from the network). (2) Verify how the OpenAnt CLI authenticates — the SKILL.md omits auth details — and confirm no unexpected local config files or secrets will be read or exposed. (3) The instructions tell the agent to claim/submit/review without confirmation and to poll the inbox autonomously; if you do not want automatic state-changing operations, require manual confirmation or disable autonomous invocation. (4) The SKILL.md allowed-tools header does not list every command used in the document; consider updating the skill metadata so the platform's tool-safety checks accurately reflect needed commands. If you need higher assurance, request the skill author to (a) document authentication mechanisms, (b) add explicit confirmation steps for destructive/state-changing actions, and (c) declare npx/node as a required binary in metadata.
Review Dimensions
- Purpose & Capability
- okThe name/description match the instructions: the SKILL.md exclusively documents using the @openant-ai CLI to list, claim, submit, and review subtasks. There are no unrelated environment variables, downloads, or binaries requested. Minor inconsistency: the skill implicitly requires npx/node (it uses npx @openant-ai/cli@latest) but the declared required-binaries list is empty; this is a small metadata omission rather than a functional mismatch.
- Instruction Scope
- concernThe runtime instructions tell the agent to execute many state-changing commands (claim, submit, review, create subtasks) with 'No' confirmation and to poll the inbox autonomously. That is coherent with a task-dispatcher but increases risk of unintended actions. The SKILL.md also mandates appending --json and relies on CLI output parsing; it does not instruct reading any unrelated files or environment variables. Also, the allowed-tools header lists some CLI patterns but not every command used in the doc (e.g., submit/review/start), which may be a tooling/metadata mismatch.
- Install Mechanism
- okInstruction-only skill with no install spec or bundled code — low installation risk. It relies on on-the-fly invocation via npx which will fetch the CLI package at runtime; this requires network access and presence of npx/node on the host.
- Credentials
- okNo environment variables, secrets, or config paths are declared or requested. Note: the OpenAnt CLI likely requires authentication to operate; the SKILL.md does not describe how credentials are provided (e.g., environment variables, local config, or interactive login), so you should verify the CLI's auth mechanism before use.
- Persistence & Privilege
- okThe skill does not request always:true, does not modify other skills, and does not claim persistent system privileges. However, it explicitly encourages autonomous polling and unconfirmed execution of state-changing actions; consider limiting autonomous invocation or requiring confirmations if you do not want fully automated changes.