Skill v1.1.0
ClawScan security
Skill Mcp Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 24, 2026, 2:59 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only audit checklist for MCP servers and its requirements and instructions are coherent with that purpose.
- Guidance: This is a procedural audit checklist (no code). It's generally safe to use. Before running the recommended commands, ensure you have local copies of the MCP server code (don't run arbitrary install scripts from untrusted packages), run the audit in an isolated environment if possible, and make sure the host has the tools the guide references (jq, grep, npm, pip-audit). The checklist may produce false positives; use manual review for high-risk findings and verify package provenance and signatures before enabling an MCP server in production.
Review Dimensions
- Purpose & Capability (ok): The name/description and the SKILL.md consistently describe an MCP security audit. The skill requests no credentials, binaries, or installs, which is proportionate for a procedural audit/checklist.
- Instruction Scope (note): The SKILL.md tells the operator to run local inspection commands (grep, npm audit, pip-audit, review package.json, etc.) and to check for access to sensitive paths like ~/.ssh or process.env. Those actions are appropriate for an audit, but they assume access to source code and host tooling. The instructions do not instruct exfiltration or contacting any hidden endpoints.
- Install Mechanism (ok): No install spec or code files — instruction-only — so nothing will be written to disk by the skill itself. This is the lowest-risk install model.
- Credentials (ok): The skill declares no required environment variables or credentials. The SKILL.md sensibly recommends checking for credential leakage but does not ask for secrets from the user.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; model invocation is allowed (the platform default). There is no request for permanent system presence or to modify other skills or global agent settings.
