Skill v1.0.2

ClawScan security

expanso · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:50 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary: The skill's requirements and instructions are coherent with deploying an Expanso Edge node, but it asks you to run remote install scripts (curl | bash) and to provide a bootstrap token that grants the cloud authority to deploy pipelines to your machine — both reasonable for this purpose but high-risk and worth caution.
Guidance
This skill appears to do what it says (connect your machine as an Expanso Edge and deploy pipelines), but there are two things to consider before installing:
- Review the install scripts before running them. The SKILL.md recommends curl | bash from get.expanso.io; that runs remote code on your machine. Fetch the script first (curl ... -o install.sh) and review it, or prefer installation via your OS package manager if available.
- Treat the bootstrap token as highly sensitive. Anyone with it (or a compromised marketplace entry) can deploy pipelines to your Edge that will execute locally. Use least-privilege tokens, create a dedicated org/node with limited access, and rotate/revoke tokens after testing.
- Audit the marketplace pipelines you deploy. Ensure any pipeline you run is from a trusted publisher and inspect pipeline definitions if possible.
If you want to proceed more safely: run the installer in an isolated environment (VM/container), manually inspect the install scripts, and verify that the get.expanso.io TLS certificate and domain match the official Expanso pages before providing credentials. If you can, obtain bootstrap credentials scoped to a test/development environment rather than your production environment.

Review Dimensions

Purpose & Capability
ok: The name/description (deploy and run Expanso pipelines locally) matches the declared requirements: curl and the EXPANSO_EDGE_BOOTSTRAP_URL / EXPANSO_EDGE_BOOTSTRAP_TOKEN environment variables are exactly what a cloud-managed edge node would need.
Instruction Scope
note: SKILL.md stays within the stated purpose: it instructs you to install the Edge and CLI, set the bootstrap URL/token, start expanso-edge, and deploy pipelines from the marketplace. However, starting the Edge registers the node with Expanso Cloud and allows remote pipeline deployments — this is expected but grants the cloud the ability to run code on your machine, so the instructions have significant operational impact.
Install Mechanism
concern: The instructions use curl -fsSL https://get.expanso.io/... | bash (and sh) — i.e., download-and-pipe-to-shell. Even if the domain matches other Expanso domains in the SKILL.md, piping remote install scripts to a shell is high-risk because it executes code fetched at install time without local review.
Credentials
concern: The skill requires a bootstrap URL and token (EXPANSO_EDGE_BOOTSTRAP_URL and EXPANSO_EDGE_BOOTSTRAP_TOKEN) and designates the token as the primary credential. Those are necessary for the stated cloud-managed workflow, but the bootstrap token is a high-privilege credential (it lets the cloud deploy pipelines to your Edge). Requesting that token is proportionate to the purpose, but it represents a sensitive capability and should be treated as such.
Persistence & Privilege
ok: The always flag is false, and the skill does not request system paths or permission to modify other skills. No persistent or force-included privilege is requested by the skill metadata.