Skillv1.0.0

ClawScan security

Expanso json-validate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 7:59 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to be a simple local JSON validator, but there are inconsistencies in its metadata vs. runtime instructions and an optional cloud-deploy path that could transmit data externally — review before installing or deploying sensitive input.
Guidance: What to check before installing or using this skill: - Verify you have a trusted expanso-edge binary (the skill expects that binary but the registry metadata didn't declare it). Only run pipelines with a known, official expanso-edge binary. - The default behavior is local parsing, which is coherent with the skill's purpose. However the README/README.md suggests you can deploy the pipeline to Expanso Cloud (https://skills.expanso.io). Avoid deploying pipelines that will process sensitive data unless you understand the cloud provider's policies and authentication requirements. - The pipelines add an input_hash (sha256) and trace_id to metadata. Hashes can sometimes be used to correlate or identify inputs; if you deploy or forward outputs, be aware this metadata will be included. - If you run MCP mode, it binds to 0.0.0.0:${PORT} — ensure you don't expose that port to the public internet unless you want to accept remote JSON submissions. - If you need to be confident this skill is safe: ask the publisher for confirmation of the expanso-edge binary provenance, and whether any optional cloud deployment requires credentials or will store/inspect submitted data. You can also run the skill in an isolated environment and monitor network traffic while feeding non-sensitive test inputs. Confidence notes: medium — the core functionality is locally scoped and clear, but the undocumented runtime dependency and explicit cloud-deploy instructions introduce enough ambiguity about potential data transmission to warrant caution.

Review Dimensions

Purpose & Capability: noteThe skill's files and pipelines implement local JSON validation (parsing, error messages, simple stats) which matches the name. However the package registry metadata did not declare the runtime dependency on the expanso-edge binary even though SKILL.md and the pipelines require it; that's a mismatch in declared requirements.
Instruction Scope: concernSKILL.md and pipelines run locally and do not call external APIs by default, but SKILL.md includes a 'Deploy to Expanso Cloud' command that would send the pipeline to https://skills.expanso.io. The pipelines compute and include an input_hash (sha256) and other metadata in outputs — if you deploy or otherwise send results to a remote service this could leak hashed or derived information about inputs. The MCP pipeline also exposes an HTTP endpoint on 0.0.0.0 which, if publicly exposed, will accept posted content.
Install Mechanism: okThis is instruction-only and has no install script or downloads — lowest-risk install behavior. The only runtime dependency is the expanso-edge binary, which must already be present on PATH (not installed by the skill).
Credentials: noteThe skill declares no required environment variables or credentials (skill.yaml credentials: []). The MCP instructions reference PORT for binding, which is normal. Be aware that the skill records an input_hash and trace_id in metadata; while not credentials themselves, these fields could be sensitive if shipped to an external service.
Persistence & Privilege: okThe skill does not request always: true and does not modify other skills or system-wide settings. It runs locally and only listens on an HTTP port if you start MCP mode.