Skill v2.0.1
ClawScan security
ZipCracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 11, 2026, 10:32 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is a self-contained ZIP cracking toolkit whose code, wrapper, and runtime instructions match the stated CTF/recovery purpose; behavior that reaches outside (downloads bkcrack/pyzipper, spawns subprocesses, writes extracted files) appears proportional to that purpose.
- Guidance: This skill appears to do what it says (ZIP CTF cracking) and includes the code for that work, but take these precautions before using it: 1) Use only on archives you own or are authorized to test. 2) Run it in an isolated workspace (not your home directory) because it will write extracted files and temp files to the current working directory. 3) The tool may fetch bkcrack/other binaries and call subprocesses to run them — if you have network or execution policies, review and restrict those before allowing automatic installs. 4) By default the wrapper disables automatic installs, but enabling --allow-install-prompts or related env flags can cause external downloads; only enable them knowingly. 5) If you need to be extra cautious, review the included scripts (zipcracker_core.py and wrapper) locally and run in a sandbox or VM.
Review Dimensions
- Purpose & Capability (ok): Name/description align with included code and bundled password list. The files and CLI wrapper implement ZIP profiling, dictionary/mask/KPA workflows and integrations (bkcrack, pyzipper) that are expected for this functionality.
- Instruction Scope (ok): SKILL.md stays on-topic: it tells the agent to gather ZIP-specific inputs, run profile mode, and run the bundled wrapper with explicit flags. It does not instruct arbitrary file-system or credential harvesting. It does instruct keeping the CWD as the project directory (which affects where outputs are written) — this is relevant operationally but not out-of-scope.
- Install Mechanism (note): There is no install spec in the registry (skill ships as code), but the core script can make network calls at runtime (GitHub API, downloads for bkcrack/MSVC redistributables, optional pip mirror). Those runtime downloads are coherent with needing bkcrack/pyzipper but constitute higher-risk behavior than pure offline scripts. The wrapper defaults to disabling automatic interactive installs unless explicitly allowed.
- Credentials (ok): The skill declares no required env vars or credentials. It defines option env names (e.g., ZIPCRACKER_AUTO_INSTALL_BKCRACK) for runtime behavior, which is reasonable. No unrelated secrets or cloud credentials are requested.
- Persistence & Privilege (note): always:false and normal autonomous invocation are set. The skill writes temp files and extracted files (default OUT_DIR 'unzipped_files') into the working directory and may create other temp artifacts; it also spawns subprocesses (bkcrack, pip, pyzipper usage). This is expected for a cracking tool but users should be aware of file writes and subprocess execution.
