Skill v1.0.0

ClawScan security

clawbox agentic file system · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 5:57 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files and instructions are consistent with a CLI-based file-storage integration and do not request unexplained credentials or installs, but there are minor documentation/path inconsistencies and the setup approach (pip installing code) has the usual risks of executing third-party code — review the upstream repo before running.
Guidance
This skill appears to do what it says (wrap a ClawBox CLI). Before installing/running the setup script:
1) Inspect the GitHub repo (https://github.com/Alfra-AI/clawbox.git) and pyproject.toml to ensure you trust the code you will pip install, because pip install executes package build/install code.
2) Note the setup script expects to be run from a cloned repo (it checks for pyproject.toml) and SKILL.md references a missing self-hosting doc and slightly different paths — follow the included files or the repo's README rather than relying on the path strings in SKILL.md.
3) Understand that using the CLI will connect to the default server (https://clawbox.ink) unless you self-host; uploaded files and tokens will be stored on that server (config lives at ~/.clawbox/config.json), so do not upload sensitive data to the public service unless you trust it.
4) If you want to reduce risk, run the install and CLI in a sandboxed environment or on a self-hosted server you control.
If you want higher assurance, provide the upstream repo URL; a quick review of its source files (server and package) would increase confidence.

Review Dimensions

Purpose & Capability
note: The name/description match the included CLI-focused instructions and API reference. Required env vars/credentials are absent, which aligns with a user-driven CLI. Minor mismatch: SKILL.md references ClawBoxSkill/... paths and a self-hosting doc (references/self-hosting.md) that is not present in the manifest — a documentation/path inconsistency but not a functional red flag.
Instruction Scope
ok: Runtime instructions tell the agent to check for and use the clawbox CLI, run status/list/upload/search commands, and prefer non-destructive checks before mutations. The instructions reference only the CLI, config at ~/.clawbox/config.json, and the ClawBox API; they do not instruct reading unrelated files or exfiltrating data to unexpected endpoints. They do direct network interaction with the default server (https://clawbox.ink) or a self-hosted URL, which is expected.
Install Mechanism
note: No formal install spec — an included setup.sh uses pip install on the local repo and then runs 'clawbox init'. Pip installing code (either from a cloned repo or via pip from the repo root) is expected for a Python CLI but runs arbitrary code during install/build steps — inspect the GitHub repo before running. The SKILL.md also suggests git cloning the GitHub repo (a standard source).
Credentials
ok: The skill does not declare or require environment variables or credentials. The docs mention that server-side features (search/embeddings) may require a Google API key on the server, but that pertains to a server admin, not the agent. No unrelated secrets are requested.
Persistence & Privilege
ok: always is false and the skill does not request permanent platform privileges or modify other skills. The setup script may install a package into the environment (normal for a CLI) but the skill does not attempt to alter other agent settings.