Skillv1.0.0

ClawScan security

Tripwire · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 24, 2026, 7:17 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is a documentation/reference wrapper for Tripwire and its commands; its files, instructions, and requested privileges are consistent with that purpose and do not ask for unrelated credentials or install arbitrary code.
Guidance: This skill is a reference and helper for Tripwire — not a network exfiltration tool. Before using it: (1) realize the documented commands operate on system files and require root; they will scan many paths and can modify Tripwire keys/database, so run on intended hosts only; (2) protect Tripwire passphrases/site-local keys — the docs show removing plain-text policy/config files after signing; (3) change placeholder email addresses (admin@example.com) before enabling automated reports; and (4) because this is documentation, no code is installed by the skill itself — review and run the shown commands manually rather than blindly executing scripts as root.

Review Dimensions

Purpose & Capability: okThe name/description describe Tripwire (host-based IDS) and all required files and instructions relate to installing, initializing, checking, and configuring Tripwire. There are no unrelated environment variables, binaries, or external services requested.
Instruction Scope: noteSKILL.md and scripts/script.sh are purely documentation-style instructions that tell the operator to run Tripwire/twadmin commands, manage key files under /etc/tripwire, and scan system paths (e.g., /bin, /etc). That is expected for a Tripwire reference, but these operations require root and will read many system files — the skill's guidance can cause extensive system scanning and produce reports. No instructions attempt to exfiltrate data to unexpected endpoints; example cron/email uses a placeholder admin@example.com.
Install Mechanism: okThere is no install spec and the skill is instruction-only except for an included documentation script. Nothing is downloaded or written to disk by an installer, so install risk is low.
Credentials: okThe skill declares no required environment variables or credentials. SKILL.md references Tripwire key files and passphrases under /etc/tripwire, which is appropriate and expected for Tripwire operations; no unrelated secrets or credentials are requested.
Persistence & Privilege: noteThe skill does not request permanent presence (always:false) and does not modify other skills. However, the documented commands require root privileges to manage Tripwire keys, database and to scan system files — the user should be aware of the privilege requirements before running commands shown in the documentation.