Back to skill
Skillv0.1.0
ClawScan security
Verify Submission · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 2:21 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: its instructions only call the OpenAnt CLI (via npx) to list/accept/reject applications and verify submissions, and it does not request unrelated credentials or filesystem access.
- Guidance
- This skill appears to do exactly what it says: it runs the OpenAnt CLI to list applicants and approve/reject submissions. Before installing: (1) Confirm you trust the @openant-ai/cli npm package and its publisher because the skill runs npx @openant-ai/cli@latest (runtime package fetch). (2) Ensure the agent has proper authentication (use authenticate-openant) and that credentials are stored securely. (3) Be aware that approving a submission releases escrowed funds — if you don't want automated or mistaken payouts, restrict autonomous agent actions or require explicit confirmation from you before approvals. (4) If you need extra assurance, inspect the CLI package source or test the workflow on a non-critical task first.
Review Dimensions
- Purpose & Capability
- okThe name/description match the runtime instructions: all examples and allowed-tools are npx @openant-ai/cli commands for reviewing applications and verifying submissions. Required permissions and actions (accept/reject/approve) are coherent with being a task-creator verifier.
- Instruction Scope
- okSKILL.md confines actions to specific OpenAnt CLI commands and JSON output. It does not instruct reading unrelated files, environment variables, or posting data to external endpoints. It references an authenticate-openant skill for authentication, which is a reasonable external dependency but not declared in metadata.
- Install Mechanism
- noteThere is no install spec in the registry, but the instructions and allowed-tools require running npx @openant-ai/cli@latest at runtime. That causes npm to fetch/execute a package on demand — a traceable but non-trivial supply-chain risk. Review the npm package and its maintainer/source if you require stricter guarantees.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The actions it performs (using the OpenAnt CLI) generally require being authenticated as the task creator; this is referenced via the authenticate-openant skill rather than by requesting credentials here, which is proportionate.
- Persistence & Privilege
- okalways is false and the skill does not request system-wide configuration changes or access to other skills' configs. Note: the SKILL.md states the agent may execute approvals when review criteria are provided — approvals trigger escrow release on OpenAnt, so consider agent autonomy settings if you want to limit automatic fund releases.