Back to skill
Skillv2.0.1
ClawScan security
Followers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 10:43 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions are consistent with a local follower-tracking CLI: it stores data under ~/.local/share/followers, logs activity, and has no network calls or credential requirements.
- Guidance
- This skill appears to be a simple local CLI that keeps logs and exports under ~/.local/share/followers. Before installing, note: (1) it creates and writes files in your home directory—inspect or back up that directory if you need privacy; (2) despite commands named webhook/notify/automate, the script only logs entries locally and does not perform network calls—if you expect external integrations, review/extend the script carefully; (3) consider file permissions for the data directory and delete it if you later uninstall. Overall the files are coherent with the stated purpose and do not request credentials or network access.
Review Dimensions
- Purpose & Capability
- okName/description (follower tracking, unfollow detection, engagement) matches the shipped script: a local CLI that records entries, produces stats, and exports JSON/CSV/TXT. There are no unexpected credentials, cloud SDKs, or unrelated binaries required.
- Instruction Scope
- okSKILL.md and the script both state and implement local behavior. All referenced paths are under the user's home (~/.local/share/followers). The script reads/writes only those files and uses common utilities (grep, wc, du, tail, head). It does not read other system configs or environment variables, nor does it send data to external endpoints.
- Install Mechanism
- okNo install spec; the skill is instruction+script-only. Nothing is downloaded or extracted during install, so there's no high-risk install mechanism.
- Credentials
- okThe skill declares no required environment variables or credentials and the script does not access secrets. Requested resources (local filesystem under HOME) are proportional to a local tracking tool.
- Persistence & Privilege
- okalways is false and the skill does not modify other skill configs or system-wide settings. It persists only its own data under ~/.local/share/followers, which is expected for this tool.