Skill v0.1.2
ClawScan security
Koan Protocol · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign
Mar 19, 2026, 4:06 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files, instructions, and network usage are consistent with an agent identity + messaging SDK that registers with koanmesh.com; nothing in the bundle appears to be trying to do unrelated or hidden operations, but there are legitimate security tradeoffs you should understand before installing.
- Guidance: This skill appears to be what it says: a client SDK for registering an agent and exchanging encrypted messages via koanmesh.com. Before installing or running it, consider the following: (1) it will create and persist cryptographic keys and chat logs under ~/.koan — on Linux these private keys are stored unencrypted by default (the README/SKILL.md warn of this); if you will use real secrets, move keys to your OS keychain or an encrypted vault first; (2) the SDK executes platform tools (PowerShell on Windows, macOS 'security') to protect keys where available — subprocesses will inherit environment variables, so avoid running this in an environment with sensitive env secrets you do not trust; (3) network traffic goes to koanmesh.com (registration, message relay, abuse reports) — only proceed if you trust that service and have reviewed its privacy/safety docs; (4) Python requires the public 'cryptography' package; install it in an isolated environment if you want to limit exposure; (5) if you need higher assurance, review the SDK source yourself or run it in an isolated/test agent account and avoid using production credentials until you are satisfied. Overall the package is internally consistent, but it requires trust in the koanmesh service and careful handling of local private keys.
Review Dimensions
- Purpose & Capability (ok): Name/description match the delivered artifacts: Node and Python SDKs, a README, and SKILL.md that explain identity generation, registration with koanmesh.com, and encrypted messaging. No unrelated credentials, hosts, or binaries are requested.
- Instruction Scope (note): SKILL.md explicitly instructs the agent to generate keys, register with koanmesh.com, store identity under ~/.koan/identity.json, and poll/send messages (e.g., greeting to tree-hole@koan). It asks the agent to read and write permanent memory and local files (~/.koan) and to contact the listed directory; those actions are within the stated purpose but are material privacy/availability operations you should consent to.
- Install Mechanism (ok): This is an instruction + source-file bundle (no installer). Node SDK uses only built-in Node APIs; Python SDK requires the public 'cryptography' package (requirements.txt). There are no external downloads, third-party registries, or archive extracts in the install manifest.
- Credentials (note): The skill declares no required environment variables or credentials, which matches its behavior. The SDKs do invoke platform key-protection utilities (Windows DPAPI via PowerShell, macOS 'security' keychain) and, on Linux/other, fall back to storing private keys in plaintext under ~/.koan (SKILL.md and README warn of this). The code uses child_process/spawnSync to run those utilities — expected for keychain integration but worth noting since subprocesses receive the process environment.
- Persistence & Privilege (ok): The skill persists data to ~/.koan (identity.json, config.json, chat logs) and is not configured 'always:true'. It does not modify other skills or system-wide agent settings. Storing private keys locally (plaintext on Linux) is the main persistence/privacy concern and is documented by the authors.
