Skill v3.0.1
ClawScan security
Roomba Control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 24, 2026, 1:44 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose: a self-contained, read-only reference tool that requires no credentials or network access.
- Guidance: This skill is coherent and low-risk: it prints local reference docs and does not use network access or credentials. If you plan to allow autonomous invocation, note the agent could run the included shell script; review the script (it's short) before granting execution rights. Small notes: the script has a minor version string/formatting bug (help output uses a quoted heredoc so $VERSION won't expand), but this is functional-only and not a security issue. If you need stronger isolation, run/inspect the script in a sandbox before use.
Review Dimensions
- Purpose & Capability (ok): Name/description match the delivered assets. The package provides local reference documentation and a small CLI script that prints heredoc content; nothing in the files requires cloud access, credentials, or unrelated system privileges.
- Instruction Scope (ok): SKILL.md explicitly states no external API calls or network access; the included script only emits static documentation via heredocs and performs simple local control flow. The docs mention tools like tcpdump/wireshark as examples but do not invoke them. No instructions attempt to read arbitrary system files or credentials.
- Install Mechanism (ok): This is an instruction-only skill with no install spec. A single helper script is included; nothing is downloaded or extracted at install time, so there is no remote install risk.
- Credentials (ok): The skill requires no environment variables, no credentials, and no config paths. The code does not access environment secrets or other services beyond standard shell behaviour.
- Persistence & Privilege (ok): always is false and model invocation is allowed (the platform default). The skill does not request permanent presence, nor does it modify other skills or system-wide settings.
