Skill v1.1.0
ClawScan security
GoldenSeed · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:25 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (deterministic, reproducible entropy) matches its instructions, but several mismatches and missing provenance (package/module naming, odd class name, license statement, and reliance on pip install from PyPI without integrity checks) leave unanswered questions — inspect the package source before installing.
- Guidance: This skill appears to do what it says (deterministic PRNG for reproducible testing), but several red flags mean you should inspect the upstream package before installing it into any environment used for sensitive work:
  - Verify the PyPI package: check the 'golden-seed' project page on PyPI and inspect the published files (source distribution / wheel). Look for a link to the authoritative repository and examine the code. Do not blindly run 'pip install' in a privileged environment.
  - Reconcile naming mismatches: SKILL.md imports from 'gq' and uses 'UniversalQKD' while the package name is 'golden-seed' and the README points to a COINjecture repo. Confirm that the package/module/class names match the published package to avoid typosquatting or misdirection.
  - Check the repository and maintainers: confirm the GitHub repo (or other source) exists, matches the package contents, and has recent, plausible activity and a real maintainer identity.
  - Validate integrity: prefer installing a pinned version and verify cryptographic hashes (wheel/sdist SHA256) or install from a checked-out source you reviewed. Run installs in an isolated virtualenv or sandbox.
  - License oddity: README claims 'GPL-3.0+ (with military use restrictions)', which contradicts the GPL (it does not permit adding restrictions). This is a sign of sloppy or misleading metadata — treat it as a provenance concern.
  - Usage caution: do not use this package for cryptographic secrets (the docs already warn this). If reproducibility for tests/worldgen is all you need, test generation outputs in a sandbox first to ensure behavior matches the claims.

  What would raise my confidence to 'benign': a clear, authoritative source repository link that matches the published PyPI package, commit history and maintainer info, consistent module/package/class naming, and a pinned release with published checksums.
Review Dimensions
- Purpose & Capability (note): The declared purpose (deterministic entropy for testing/worldgen) aligns with the examples and instructions. However there are oddities: the code examples import from module 'gq' and use a class named 'UniversalQKD' (QKD usually refers to quantum key distribution) while the pip package name is 'golden-seed' and the repository slug differs — these naming inconsistencies are unexplained and reduce confidence in provenance.
- Instruction Scope (ok): SKILL.md contains direct, narrowly scoped runtime instructions (pip install golden-seed and example usage). It does not instruct reading unrelated files, accessing environment variables, or exfiltrating data. Examples focus on generating deterministic bytes and computing hashes for verification.
- Install Mechanism (note): No formal install spec in the registry, but an included install.sh and SKILL.md both direct 'pip install golden-seed'. Installing from PyPI is a normal pattern but is a network download that executes third-party code; there are no pinned versions or checksum/integrity checks. This is a moderate-risk install step — verify the package contents and source before running.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths — the requested privileges are minimal and proportionate to the stated purpose.
- Persistence & Privilege (ok): The skill is not marked 'always' and allows normal agent invocation. It does not request persistent system-wide configuration or elevated privileges.
