Skillv0.1.1

ClawScan security

xmind · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 3, 2026, 4:03 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (generate/read .xmind via an npm MCP invoked through mcporter), but there are a few mismatches and supply‑chain risks you should understand before installing.
Guidance: This skill appears to do what it says, but proceed cautiously. Key points to consider before installing/using: - Runtime npm execution: The skill runs `npx -y xmind-generator-mcp@0.1.2`, which downloads and executes package code from the npm registry each time. That is expected for this use case but is a supply‑chain risk. Prefer to verify the package contents and publisher before allowing the agent to run it. - No upstream/source info: The skill metadata lists no source repository or homepage. That makes it harder to audit the MCP package. Look up the npm package (xmind-generator-mcp@0.1.2) yourself and inspect its repository, maintainers, and recent changes. - Implicit environment/use of env vars: The SKILL.md mentions an MCP-configured outputPath environment variable but the skill declares no env vars. Verify what outputPath the MCP will use in your environment so files are not written to unexpected locations. - Local file access & chat attachments: The skill will write temp files (/tmp) and may save to ~/Desktop and then send the generated .xmind back in chat. If you have sensitive data on the system, be aware the package you run could read more of the filesystem if malicious. - Mitigations: Run this in a sandboxed environment or container, inspect the npm package source, pin the package to a vetted version, or ask the publisher for a source repo before using. If you cannot verify the npm package or maintainers, treat this skill as higher risk.

Review Dimensions

Purpose & Capability: okName/description match the required binaries and runtime behavior: mcporter is used to call an MCP and npx is used to run the npm package xmind-generator-mcp@0.1.2. Requiring mcporter and npx is coherent for invoking a remote MCP service that produces .xmind files.
Instruction Scope: noteThe SKILL.md stays within the stated purpose (construct JSON, write a temp file, call the MCP, return the .xmind to the user). It instructs writing JSON to /tmp and defaulting output to ~/Desktop, and to send generated files back via chat. Two issues: (1) it references an MCP-configured outputPath environment variable ('see below') but the skill declares no env vars—this is an internal inconsistency; (2) runtime use of 'npx -y' means code will be downloaded and executed from the npm registry at call time (supply‑chain/execution surface).
Install Mechanism: noteThere is no install spec (instruction-only), but runtime execution relies on npx which will fetch and run xmind-generator-mcp@0.1.2 from the npm registry each time. This is expected for this functionality but is a moderate supply‑chain risk because arbitrary package code may run locally when invoked.
Credentials: concernThe skill declares no required environment variables or credentials (which is reasonable). However the documentation references a MCP-configured outputPath environment variable without declaring it, and the MCP may honor environment variables not described here. Also the skill will read/write local paths (/tmp, ~/Desktop) and return files via chat—users should be aware that local files will be accessed and transmitted. The lack of declared upstream source/homepage for the npm package reduces transparency and increases risk.
Persistence & Privilege: okThe skill does not request always:true, does not modify other skills, and does not require persistent installation. It will create temporary JSON files and may write .xmind files to Desktop or the MCP's outputPath; this is expected for the stated functionality.