Skill v1.0.0
ClawScan security
Expanso yaml-to-json · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:43 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an internally consistent, instruction-only skill that converts YAML to JSON using Expanso pipelines; it requests no secrets and has no install spec, but it expects you to run the expanso-edge runtime and (optionally) starts an HTTP endpoint which you should be aware of.
- Guidance
- This skill appears to do exactly what it says: convert YAML to JSON using Expanso pipelines, and it does not request any secrets. Before installing or running it: (1) ensure you trust the 'expanso-edge' runtime the skill expects to run; (2) be aware that the MCP pipeline listens on 0.0.0.0:${PORT:-8080} — consider firewall rules or binding to localhost if you don't want it exposed; (3) exercise caution when parsing untrusted YAML (some YAML parsers support unsafe constructors); and (4) if you plan to use the 'Deploy to Expanso Cloud' command, understand that your YAML will be sent to an external service (skills.expanso.io). If any of those are concerns, review the included pipeline YAML files and only run with non-sensitive test data until you're comfortable.
Review Dimensions
- Purpose & Capability
- note: The skill's files and pipelines clearly implement a YAML→JSON conversion (pipeline-cli.yaml and pipeline-mcp.yaml). One minor inconsistency: SKILL.md documents that the 'expanso-edge' binary is required, but the packaged metadata lists no required binaries. Requiring expanso-edge is reasonable for an Expanso pipeline, but the omission from metadata is worth noting.
- Instruction Scope
- note: All runtime instructions stick to the stated purpose: the CLI pipeline reads stdin and returns a JSON object with parsed data and metadata; the MCP pipeline exposes an HTTP POST /convert endpoint that accepts YAML and returns parsed JSON. The pipelines do not access credentials, system files, or external endpoints. Points to be aware of: the MCP pipeline binds to 0.0.0.0:${PORT:-8080} (network-exposed), and the pipeline uses parse_yaml() — depending on the underlying parser, parsing untrusted YAML can carry risks (e.g., unsafe constructors).
- Install Mechanism
- ok: No install spec or code is bundled; this is instruction-only. SKILL.md tells the user to install expanso-edge (via 'clawhub install expanso-edge') but the skill package does not itself download or run code.
- Credentials
- note: The skill declares no required environment variables or credentials. The MCP pipeline optionally uses PORT (default 8080) via ${PORT:-8080}, which is reasonable. No secrets or unrelated environment access are requested.
- Persistence & Privilege
- ok: always:false, and no install-time persistence or configuration changes are requested. The skill does not request elevated privileges or modify other skills' configuration.
