Skill v0.1.0
ClawScan security
Repo Onboarding · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 4:16 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's stated purpose matches onboarding tasks, but its runtime instructions require executing external scripts at hard-coded absolute paths (and optionally installing a cron job) that are not bundled, declared, or justified — this is incoherent and risky.
- Guidance: This skill tells your agent to run Python/bash scripts that are not included and are referenced by absolute paths in another user's home directory — those scripts could execute anything on your machine. Before installing or running: (1) inspect the exact scripts referenced (/home/.../senior-architect and repo-kanban-pm) to confirm their safe behavior; (2) ensure the scripts exist in a trusted location (prefer relative paths inside the repo or bundle the scripts with the skill); (3) require and document needed binaries (python, bash) and any env vars those scripts need; (4) do not run the add_daily_pm_cron.sh step until you review what it writes to crontab; (5) run first in an isolated environment or CI job with limited privileges. If you cannot review the referenced scripts, treat this skill as untrusted.
Review Dimensions
- Purpose & Capability (concern): The skill claims to onboard repos, which is reasonable, but its instructions depend on other skills' scripts located at hard-coded absolute paths (/home/broedkrummen/.openclaw/.../senior-architect and repo-kanban-pm). Those scripts are not included in the package, and the skill declares no required binaries (e.g., python, bash). Requiring external, undisclosed scripts at specific user-home paths is disproportionate to the stated purpose and breaks expected packaging assumptions.
- Instruction Scope (concern): Runtime instructions tell the agent to execute Python and bash scripts outside the repository (absolute user-home paths) and to write files into the repo. This gives the skill the ability to run arbitrary code on the host. The optional cron-install step (add_daily_pm_cron.sh) further modifies system state. The SKILL.md does not provide fallbacks that safely limit execution (it only suggests a manual fallback if the scripts fail).
- Install Mechanism (note): There is no install spec (instruction-only), which minimizes package installation risk. However, the lack of bundled code combined with instructions to run external scripts means the skill assumes the presence of other local skills/files. That mismatch elevates risk despite the absence of an install step.
- Credentials (concern): The skill declares no required environment variables, yet it invokes Python and Bash scripts that may themselves require secrets or service tokens. The SKILL.md does not document the expected environment inputs for the referenced scripts. Additionally, the optional cron command accepts an --agent argument ("cody"), which could implicitly reference agent tooling or credentials not disclosed.
- Persistence & Privilege (concern): always:false (good), but the instructions include an optional script to add a daily cron job, which would create persistent system behavior outside the repo. Because the skill can cause persistent changes (crontab) and execute arbitrary external scripts, it demands careful review before use.
