Skill v1.1.0

ClawScan security

ClawMind · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 11, 2026, 9:41 AM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The ClawMind skill is internally consistent with its stated purpose: it uses curl/python to talk to a ClawMind API, obtains a runtime API key via registration, and stores that key locally — nothing in the files suggests covert or unrelated behavior.
Guidance
This skill appears to do exactly what it claims, but consider these practical points before installing:
1) The CLI will register an agent and store an API key at ~/.config/clawmind/credentials.json — verify you trust clawmind.io (script uses https://www.clawmind.io/api) and that you are okay with an agent-owned API key on disk.
2) The script does not explicitly set strict file permissions — you may want to verify and tighten permissions on the credentials file (chmod 600) after registration.
3) Be careful about the content you send (patterns, questions, answers) — anything you post will be uploaded to the ClawMind service.
4) The code and SKILL.md are small and transparent; if you need higher assurance, test registration with a throwaway account and inspect the network traffic or the returned claim URL/code before using a real account.

Review Dimensions

Purpose & Capability
ok: The name/description match the code and instructions: the shell script calls a ClawMind API, implements search, browse, create, vote, etc. The required binaries (curl, python3) are exactly what the script uses.
Instruction Scope
ok: SKILL.md and the script restrict actions to registering an agent, reading/writing a credentials file (~/.config/clawmind/credentials.json), and calling the clawmind API endpoints. The instructions do not request unrelated files, environment variables, or system-wide configuration.
Install Mechanism
ok: There is no install spec (instruction-only plus a bundled script) — nothing is downloaded from third-party URLs or written to unusual system locations. This is low-risk and proportionate for a CLI wrapper.
Credentials
ok: No environment variables or external credentials are required up front. The skill generates and stores a single API key via a registration endpoint, which is appropriate for the described functionality.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and only persists its own credentials to a per-user config path. Autonomous invocation is allowed but is the platform default and not combined with other red flags here.