Back to skill
Skillv2.0.1
ClawScan security
Raspberry Pi Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 10:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are consistent with a local Raspberry Pi logging/management CLI: it stores data under a user-local directory and does not request credentials, network access, or unusual privileges.
- Guidance
- This skill appears coherent and runs entirely locally, storing logs under ~/.local/share/raspberry-pi-manager. Recommended precautions before installing: (1) review the included scripts (scripts/script.sh) yourself — the package is executed locally; (2) note that logs may contain sensitive operational data (SSH hosts, IPs, filenames) so restrict file permissions and back up or purge as needed; (3) because there is no install step, ensure the execution context (agent or user) is trusted before running the script; (4) if you expect networked device control (GPIO toggles, remote commands) confirm those features are actually implemented — this package is primarily a local logging/audit tool, not a remote management agent.
Review Dimensions
- Purpose & Capability
- okName/description (Pi management: GPIO, monitoring, service/sensor logging) align with the shipped script and SKILL.md. The script implements logging, search, export, stats and status features described. No unrelated services, cloud APIs, or unexpected binaries are requested.
- Instruction Scope
- okSKILL.md instructs local bash usage and the provided script implements the commands. All file reads/writes are limited to the declared local data directory (~/.local/share/raspberry-pi-manager). The instructions do not request collecting system-wide secrets or contacting external endpoints.
- Install Mechanism
- noteNo install spec is provided (instruction-only), but a runnable script is included. This is low risk — nothing is downloaded at install time — but users should be aware the packaged script is expected to be executed locally.
- Credentials
- okNo environment variables, credentials, or config paths are required. The script uses standard Unix utilities (date, wc, du, head, tail, grep, basename, cat) which is consistent with declared requirements.
- Persistence & Privilege
- okThe skill does not request always: true and does not modify other skills or system-wide settings. It persists only to a user-local directory and requires no root privileges.