Skillv1.0.0

ClawScan security

cache-strategy-advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 12:54 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions align with a cache-advice purpose, but the manifest omits required local tooling and an environment variable (HOST) and instructs broad filesystem and network probing — the metadata is inconsistent and you should review runtime permissions before installing.
Guidance: This skill appears to do what it says (analyze caches and suggest configs) but the package metadata is incomplete. Before installing or running it: (1) treat it as a local diagnostics tool — it will search your repository and may connect to local Redis/Memcached and to the hostname in $HOST; (2) ensure you run it in a safe environment (not on production data) or supply a sanitized/restricted project copy; (3) ask the publisher to declare required binaries and environment variables (e.g., HOST, and any CDN credentials) in the manifest so you can grant consent knowingly; (4) review any outputs (configs, connection targets) before applying changes; (5) if you don't trust it, run the SKILL.md commands manually under a vetted account to see exactly what will run. Providing the skill's source/homepage or clarifying runtime permissions would raise confidence.

Review Dimensions

Purpose & Capability: noteThe SKILL.md content (searching code, querying Redis/Memcached, curling the host, producing configs) is coherent with a cache strategy advisor. However the skill metadata declares no required binaries or environment variables even though the instructions expect tools like redis-cli, memcached-tool, rg (ripgrep), curl, python3, sed, and an environment variable $HOST. The missing declarations are an inconsistency.
Instruction Scope: concernRuntime instructions tell the agent to scan the local codebase (rg), query local cache services (redis-cli, memcached-tool), and perform HTTP requests to https://$HOST. Those actions can read arbitrary files and contact internal/external endpoints; the SKILL.md doesn't limit or explicitly justify access to unrelated files or define how $HOST should be provided. That's scope creep if the operator doesn't intend the agent to perform repository-wide or network probes.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files. That minimizes disk writes and supply-chain risk. There is no installer download to evaluate.
Credentials: concernThe skill requests no environment variables in metadata, but the instructions rely on $HOST and implicitly assume access to local Redis/Memcached instances and possibly CDN credentials for configuration. Requiring credentials or host addresses would be reasonable, but they should be declared. The current omission is disproportionate and prevents proper consent review.
Persistence & Privilege: okThe skill is not marked always:true and does not request persistent installation or modify other skills. Autonomous invocation is allowed (platform default), which is normal; there is no evidence the skill tries to gain persistent elevated privileges.