Skill v0.1.5

ClawScan security

Releaseguard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 25, 2026, 4:19 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's stated purpose (scanning/hardening/signing release artifacts) matches the instructions and requirements; nothing requested appears unrelated, though the inline install guidance includes potentially risky curl|sh usage and metadata omits optional cloud env vars.
Guidance
This skill appears internally consistent with its purpose. Before installing or running it: (1) prefer the Homebrew install if available; (2) never blindly run curl ... | sh — review the install script or download the release artifact and verify checksums/signatures from the project's GitHub Releases; (3) provide cloud tokens (RELEASEGUARD_CLOUD_TOKEN) or OIDC tokens only when you intentionally use cloud features or keyless signing; (4) ensure the releaseguard binary on PATH is the official one you vetted; and (5) remember the skill is instruction-only — it only performs actions if the agent runs the releaseguard commands or you run the installer locally.

Review Dimensions

Purpose & Capability
ok: Name and description match the runtime instructions. The skill requires the releaseguard binary (declared), and the commands documented (check, fix, sbom, sign, obfuscate, verify, etc.) are consistent with an artifact policy engine.
Instruction Scope
note: Runtime instructions focus on running releaseguard against artifact paths (no instructions to read unrelated system files or secrets). The SKILL.md documents which flags trigger network calls and which require credentials. It does include install guidance that, if executed, would run system-level install commands — the instructions recommend reviewing scripts first.
Install Mechanism
concern: The skill is instruction-only (no automatic install), which is low-risk. However, SKILL.md suggests three install routes: Homebrew (recommended), direct GitHub releases, and a curl | sh installer. The piped-script pattern (curl ... | sh) is explicitly shown — this is common but risky if executed without review. The README does advise reviewing the script before running.
Credentials
note: Declared requires.env is empty, which is acceptable because core commands are offline. SKILL.md documents optional credentials (OIDC token for keyless Sigstore signing; RELEASEGUARD_CLOUD_TOKEN for cloud obfuscation/services; local private key files for local signing). Those optional credentials are proportionate to the features, but the metadata omission of these optional env vars is an inconsistency worth noting.
Persistence & Privilege
ok: always:false and no requested config paths or persistent changes to other skills. The skill is user-invocable and can be invoked autonomously (platform default), which is expected for tools of this kind.