Skill v3.0.3
ClawScan security
Charmie CRM Lite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 6:27 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requested resources match its stated purpose (a local SQLite-based contact manager); nothing indicates hidden exfiltration or unrelated privileges.
- Guidance: This skill appears to do what it says: a local SQLite contact manager exposed as tools via the modelcontextprotocol SDK. Before installing: (1) review and trust the npm dependencies (particularly @modelcontextprotocol/sdk) and run npm install in a controlled environment; (2) be aware the code will create contacts.db in the skill directory and will read a local .env file if present; avoid placing sensitive secrets in that .env for this directory; (3) verify the upgrade URL/homepage if you plan to follow it, since external upgrade pages may request payment or additional data; (4) if you need stronger isolation, run the skill in a sandbox or dedicated environment. Overall there are no signs of data exfiltration or unrelated credential requests.
Review Dimensions
- Purpose & Capability (ok): Name/description match the provided code: the files implement a local SQLite contacts DB and tool handlers for add/search/update/delete. Declared dependencies (sqlite3, dotenv, and a local SDK to expose tools over stdio) are consistent with that purpose; there are no unrelated cloud credentials, binaries, or config paths requested.
- Instruction Scope (note): SKILL.md and README instruct only to run npm install / setup and start the skill; runtime code operates on a local contacts.db and exposes tools over stdio. Minor note: both index.js and db.js call dotenv.config(), which will load a .env file into process.env if present. The code does not use or transmit environment variables anywhere, but the presence of dotenv means the skill will read local .env contents into memory.
- Install Mechanism (ok): No install spec is embedded in the registry; standard npm installation is used (package.json lists dependencies). Dependencies are normal and come from npm; there are no downloads from arbitrary URLs, no extracted archives, and no nonstandard install behavior.
- Credentials (note): The skill declares no required environment variables (appropriate for a local SQLite app). As noted, dotenv is loaded at runtime and will populate process.env from a .env file if present; although the current code does not use those variables or send them externally, users should be aware the skill will read a .env if one exists in the same directory.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills, and only creates/uses a local contacts.db file in its own directory. It runs as a normal local process and does not request elevated/system-wide privileges.
