Skillv1.0.0

ClawScan security

Spec Kit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 28, 2026, 12:06 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement a legitimate Spec-Driven Development workflow, but there are inconsistencies in the instructions and it tells the agent to fetch and run code from external repositories (via uvx) without declaring those install/network effects or any required credentials — review before running.
Guidance: What to consider before installing or using this skill: - The skill is mostly coherent for a Spec-Driven Development workflow, but double-check the tooling names: examples call 'uvx' while prereqs list 'uv'. Ensure you have the correct binary and version. - The instructions tell you to fetch and run code from GitHub via uvx. Treat this like running any third-party install: inspect the upstream repository (https://github.com/github/spec-kit) and review its install scripts before executing in a sensitive environment. - The tool will create files, run tests, and commit to the local git repo. Ensure you run it in a disposable or well-backed-up workspace if you don’t want unintended changes pushed. - The skill doesn’t request API keys, but using AI agents or pushing to remote git may use credentials already on your machine. Be aware of implicit credential use and confirm your credential helpers and remotes are configured as you expect. - If you want higher assurance, ask the publisher for: explicit install instructions (or a packaged release with checksums), clarification on 'uv' vs 'uvx', and a pointer to the exact release tag to be used instead of a generic git+https ref.

Review Dimensions

Purpose & Capability: noteName/description (Spec Kit for spec-driven development) aligns with the instructions (init, plan, build, commit). However the prereqs list the binary 'uv' while all examples use 'uvx', and 'python3' is declared but not referenced in the visible commands. These are small inconsistencies that could cause confusion or broken runs.
Instruction Scope: noteSKILL.md stays on-topic (creating specs, generating code, running tests, committing to git). It does instruct operations that modify local repos and files (creates .speckit/, writes files, runs tests, commits). That is expected for this tool, but it grants the agent authority to modify the working tree and invoke network-backed tooling via uvx.
Install Mechanism: concernThere is no formal install spec, but the instructions call uvx with --from git+https://github.com/github/spec-kit.git which causes code to be downloaded and executed. The download host is GitHub (expected), but the skill does not declare or restrict this network/install behavior — instruction-only skills that direct fetching/execution are higher risk if the fetched code is unreviewed.
Credentials: noteThe skill declares no required environment variables or credentials, which matches the metadata. However runtime behavior (git commits/pushes, using an AI agent like Claude/Copilot/Gemini) may implicitly use existing git credentials or external API keys the user has configured. Those credentials are not mentioned or scoped by the skill.
Persistence & Privilege: okalways is false and the skill is user-invocable (normal). Autonomous invocation is allowed (platform default) but there is no attempt to make the skill persistently enabled or to modify other skills' config.