Skill v1.0.0
ClawScan security
Expanso json-pretty · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill is internally consistent: it is an instruction-only Expanso pipeline that pretty-prints JSON, requests no credentials, and has no install steps or surprising behavior.
- Guidance: This skill appears to do exactly what it says: pretty-print JSON using Expanso pipelines. It requires the expanso-edge binary to run and provides two modes (CLI and an HTTP server). There are no requested secrets. If you start the MCP HTTP server, be aware it binds to 0.0.0.0 by default and has no built-in authentication; avoid running it on a public interface unless you add network-level protections. Otherwise it is safe and coherent with its stated purpose.
Review Dimensions
- Purpose & Capability (ok): The name, SKILL.md, skill.yaml and pipeline YAML files all align: the skill's sole purpose is to parse and reformat JSON (CLI and HTTP/MCP modes). Required components (expanso-edge) match the stated purpose.
- Instruction Scope (note): Runtime instructions only tell the agent to run expanso-edge with the provided pipeline files, run an MCP HTTP endpoint, or deploy to Expanso Cloud. The pipelines only parse/format JSON and add metadata. One operational note: the MCP pipeline enables an unauthenticated HTTP endpoint (0.0.0.0:${PORT:-8080} /format), which is expected for an HTTP formatting service but could be exposed if started on a public network.
- Install Mechanism (ok): There is no install specification and no code to download or execute; this is instruction-only and relies on the expanso-edge binary being present. Low install risk.
- Credentials (ok): The skill declares no required environment variables, no credentials, and skill.yaml has empty credentials. The files and instructions do not reference secrets or unrelated environment variables.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system-level privileges or modify other skills' config. Autonomous invocation is allowed (platform default) but the skill's scope is limited.
