Skillv1.0.1

ClawScan security

Ubuntu Inspector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 18, 2026, 12:26 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose: a local Ubuntu system inspection script that collects system, service, log, and update information and writes a report to /tmp; no network exfiltration or unrelated credentials are requested.
Guidance: This script is coherent with its purpose but it collects sensitive local data (user accounts, failed logins, system logs, service/process lists) and writes them to /tmp. Before running: review the script yourself, run it on a non-production/test system if unsure, avoid running as root unless needed and you understand the output, and protect or securely remove the generated report file since it contains sensitive information. No network calls or credential exfiltration were found in the script.

Purpose & Capability: okName/description (Ubuntu system inspection) align with the supplied script and SKILL.md. The script collects CPU, memory, disk, network, services, logs, users and update status—exactly what the skill claims.
Instruction Scope: noteInstructions tell the agent to run the included script in the skill workspace. The script reads local system info and logs (e.g., /etc/passwd, journalctl, lastb) which is expected for a system-inspection tool but is sensitive; SKILL.md correctly notes root is needed for full results.
Install Mechanism: okNo install spec; this is instruction-only with a bundled script. Nothing is downloaded or written outside the report file in /tmp.
Credentials: okNo environment variables, credentials, or external config paths are requested. The script uses standard system commands only.
Persistence & Privilege: okalways is false and the skill does not modify other skills or system configuration. It only writes a transient report file to /tmp and prints the path.