Skill v1.0.3

ClawScan security

PhiProto CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 7, 2026, 7:16 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (handling .phiproto files) matches what it does, but it instructs downloading and installing a remote binary without integrity checks and contains a small internal contradiction about whether the binary is 'bundled', so proceed with caution.
Guidance
This skill is coherent with its stated purpose but has two practical security concerns you should consider before installing or running it: 1) getphi.sh downloads an executable from a GitHub release and places it in ~/.local/bin without verifying a checksum or signature; 2) the script does not set the executable bit (chmod), so it may not be runnable as-is. If you want to use this skill safely: verify the GitHub repository and the release tag manually, prefer downloading a release with an accompanying hash/signature and verify it, run the binary in a sandbox or VM first, or ask the skill author to include a signed checksum or source code. If you cannot verify the binary, avoid executing it on sensitive systems.

Review Dimensions

Purpose & Capability [note]
The skill claims to provide a 'bundled phicli binary' for working with .phiproto files, and its instructions/auxiliary script do focus on decoding/encoding .phiproto as described. However, the binary is not actually bundled in the package; instead getphi.sh downloads it from a GitHub release. This is a minor inconsistency but does not on its own make the skill unusable.
Instruction Scope [concern]
SKILL.md tells the agent to fetch phicli from github.com/chengongpp/phicli and then use it locally. The runtime instructions and helper script will download a remote executable into $HOME/.local/bin. The instructions do not request unrelated files/credentials, but they do direct network download and installation of an executable, which expands the skill's scope beyond pure local file inspection. There is no integrity or signature check, and the README claims the tool 'runs local-only' (a claim you cannot verify from this package).
Install Mechanism [concern]
There is no formal install spec in the registry; instead the included getphi.sh uses wget to download a binary from a GitHub Releases URL (github.com/chengongpp/phiproto/releases/download/0.0.2/phicli) into $HOME/.local/bin. Downloading from GitHub releases is common, but the script does not verify checksums or signatures and does not set the executable bit (no chmod), which risks both usability and security. No archive extraction is done and the host is a known release host (GitHub), so risk is moderate but notable due to the missing integrity checks.
Credentials [ok]
The skill does not request environment variables, credentials, or config paths. The only implicit use is $HOME as the target install location. There are no unrelated secrets or broad credential requests.
Persistence & Privilege [note]
The skill writes a file into $HOME/.local/bin, which is a per-user persistent location and may affect future PATH behavior. always:false (no forced inclusion), and the skill does not modify other skills or system-wide settings. Writing to the user's bin directory is expected for a user-scoped tool but is a persistent change the user should be aware of.