Skill v1.0.1
ClawScan security
Claw Ethics Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 11:39 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions mostly match an 'ethics checker' utility and request no credentials, but the main Python file in the archive was truncated and the registry/source provenance is unclear — inspect the full source before installing, especially any webhook/log configuration that can transmit decision data.
- Guidance: This skill appears to implement an ethics-checking utility and asks for no credentials, which is coherent with its purpose. Proceed cautiously because:
  1) The provided claw_ethics_checker.py content in the package was truncated — the remaining unseen code could contain additional behavior (network calls, remote endpoints, or telemetry). Verify the full source before installing.
  2) The docs show optional notification/webhook and log-file configuration; if you enable a slack_webhook, email notifications, or set a log file path that an external process reads, decision data could be sent outside your environment.
  Recommended actions before install: inspect the complete Python file(s) for network I/O (requests, urllib, socket, or subprocess calls), confirm the true upstream repository (clone from a trusted repo or vendor), and if you enable notifications, review where logs/notifications are sent and sanitize any sensitive task data prior to sending.
Review Dimensions
- Purpose & Capability (ok): Name, SKILL.md, examples, package.json and the visible Python code all describe an ethics/compliance checker. The included tests, examples, and API match that purpose. There are no unexpected required binaries or credentials declared.
- Instruction Scope (note): SKILL.md instructs the agent to load and use the EthicsChecker API and shows integration patterns (automatic pre-check, logging, requiring human review). The instructions are limited to task analysis and local recording. Note: examples and INSTALLATION.md show optional notification settings (email, slack_webhook) and log file configuration — if configured, these could send or persist decision data externally. The runtime instructions do not autonomously collect system secrets.
- Install Mechanism (ok): No install spec was included (instruction-only), and package.json provides only usual metadata and an innocuous 'install' script. The repository and homepage are referenced but the skill package itself contains no remote download/install steps. This is low-risk from an installer perspective.
- Credentials (note): The skill declares no required environment variables or credentials. However, INSTALLATION.md and SKILL.md document optional environment variables and config entries (e.g., CLAW_ETHICS_RISK_THRESHOLD, CLAW_ETHICS_LOG_FILE, slack_webhook, email) — these are optional but could be used to transmit logs/notifications if the operator configures them. There is no mandatory secret exfiltration requested.
- Persistence & Privilege (ok): The skill does not request always:true and does not claim to modify other skills' configuration. It keeps its decision_log in memory and only writes to disk through the provided export_decision_log(filepath) method. The suggested default log file locations (in docs) may require write permission but do not imply elevated privileges.
