Angus Bounty Hunter
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its smart-contract scanning purpose, but its scan script automatically installs dependencies from any target repository, which can run untrusted code on your machine.
Install or run this only in a sandboxed environment such as a container or disposable VM. The scanner's purpose is legitimate, but its default scan script runs npm and pip installs against whatever repository you scan, so a malicious or compromised target can execute code on the scanning host.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Scanning a malicious or compromised repository could run code on the user's machine, not just perform static analysis.
After cloning a user-supplied repository, the script automatically runs npm and pip installs. Both package managers execute code supplied by the target: npm runs the lifecycle scripts (preinstall, install, postinstall, prepare) declared by the project and by every dependency it pulls in, and pip runs the setup code of any requirement it has to build from source.
[ -f "package.json" ] && npm install --silent 2>/dev/null || true
[ -f "requirements.txt" ] && pip3 install -r requirements.txt --quiet 2>/dev/null || true
Run this only in a disposable container or VM, or change the script to ask before installing dependencies, install only from lockfiles (npm ci with a package-lock.json, hash-pinned requirements with pip install --require-hashes), disable npm lifecycle scripts (npm ci --ignore-scripts), refuse source builds in pip (--only-binary=:all:), and use a dedicated Python virtual environment.
A target repository can influence what third-party packages are installed and what setup code runs during scanning.
The workflow pulls arbitrary remote repository contents and then trusts that repository's dependency declarations. There is no artifact evidence of pinning, verification, sandboxing, or containment.
git clone --depth 1 "$REPO_URL" 2>&1
...
[ -f "package.json" ] && npm install --silent 2>/dev/null || true
[ -f "requirements.txt" ] && pip3 install -r requirements.txt --quiet 2>/dev/null || true
Treat target repositories as untrusted supply-chain input. Prefer containerized scans, dependency lockfiles, no-script install modes, and explicit user approval before any package installation.
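The hardening that findings 1 and 2 recommend, as an added example written for this audit page rather than code from the skill itself: a replacement for the install step that refuses unlocked or source-built dependencies, disables npm lifecycle scripts, keeps pip in a throwaway virtual environment, and asks before installing anything. The SCAN_ALLOW_INSTALL and DRY_RUN variables, the exit codes and the hook/source-entry heuristics are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own script: a replacement for the
# "[ -f package.json ] && npm install ..." step that treats the cloned
# repository as untrusted supply-chain input. SCAN_ALLOW_INSTALL and
# DRY_RUN are assumed names for this example.
set -euo pipefail

# Run a command, or just print it when DRY_RUN=1 (lets the policy be
# exercised without touching npm or pip).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Heuristic: does package.json declare an install-time lifecycle hook?
# A plain `npm install` would execute these from the target repository.
has_npm_install_hooks() {
    local pkg="$1/package.json"
    [ -f "$pkg" ] && grep -Eq '"(preinstall|install|postinstall|prepare)"[[:space:]]*:' "$pkg"
}

# Heuristic: requirements.txt entries pip must fetch or build from source
# (editable, VCS, URL, local path); installing those runs setup code.
has_pip_source_entries() {
    local req="$1/requirements.txt"
    [ -f "$req" ] && grep -Eq '^[[:space:]]*(-e|--editable|git\+|https?://|file:|\.|/)' "$req"
}

# Ask once before anything is installed, unless the operator pre-approved.
approve_install() {
    [ "${SCAN_ALLOW_INSTALL:-0}" = 1 ] && return 0
    local answer=""
    read -r -p "Install dependencies declared by the target repository? [y/N] " answer
    [ "$answer" = y ] || [ "$answer" = Y ]
}

# Install dependencies for the clone in $1 under the hardened policy.
# Exit codes: 0 installed (or dry-run), 2 refused, 3 nothing to install.
install_deps() {
    local dir="$1" planned=0
    if [ -f "$dir/package.json" ]; then
        # Without a lockfile the target, not the operator, picks the versions.
        [ -f "$dir/package-lock.json" ] || { echo "refuse: no package-lock.json" >&2; return 2; }
        if has_npm_install_hooks "$dir"; then
            echo "note: install hooks declared; --ignore-scripts will skip them" >&2
        fi
        planned=1
    fi
    if [ -f "$dir/requirements.txt" ]; then
        if has_pip_source_entries "$dir"; then
            echo "refuse: source/VCS entries in requirements.txt" >&2; return 2
        fi
        grep -q -e '--hash=' "$dir/requirements.txt" || { echo "refuse: requirements.txt is not hash-pinned" >&2; return 2; }
        planned=1
    fi
    [ "$planned" -eq 1 ] || return 3
    approve_install || { echo "refuse: not approved" >&2; return 2; }

    if [ -f "$dir/package.json" ]; then
        # npm ci installs exactly the lockfile; --ignore-scripts disables
        # lifecycle hooks of the project and of every dependency.
        (cd "$dir" && run npm ci --ignore-scripts --no-audit --no-fund)
    fi
    if [ -f "$dir/requirements.txt" ]; then
        # A fresh venv keeps packages out of the user's site-packages;
        # --only-binary=:all: rejects sdists so no setup.py runs;
        # --require-hashes makes pip verify every pinned hash.
        run python3 -m venv "$dir/.scan-venv"
        run "$dir/.scan-venv/bin/pip" install --only-binary=:all: --require-hashes \
            -r "$dir/requirements.txt"
    fi
}

# Usage: install_deps.sh /path/to/clone   (DRY_RUN=1 to print the plan only)
if [ -n "${1:-}" ]; then install_deps "$1"; fi
```

Run it with DRY_RUN=1 against a clone to see the plan without touching npm or pip. Hash-pinned requirements are mandatory here, so a target that ships only bare version pins is refused rather than installed; that is deliberate, since an unpinned requirements.txt lets the target choose what pip fetches.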
If the local LLM service is not trusted or is exposed to other users, vulnerability findings or project details could be visible to that service.
The triage script sends finding summaries to a local Ollama-compatible LLM endpoint. This is disclosed and purpose-aligned, but it is still a data flow to another local service.
curl -s http://127.0.0.1:11434/api/generate \
    -d "{\"model\":\"deepseek-coder-v2:16b-lite-instruct-q5_K_M\",\"prompt\":\"$PROMPT\",\"stream\":false}"
Use only a trusted local Ollama instance, confirm it is bound to localhost as expected, and avoid triaging sensitive private code on shared machines. Note also that $PROMPT is interpolated into the JSON body without escaping, so a finding that contains a double quote or backslash produces a malformed request; build the body with a JSON encoder (for example jq --arg) rather than string substitution.
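A check for the "bound to localhost" recommendation, as an added example that is not part of the skill: it reads the listening sockets with ss and fails if anything on port 11434 is bound to a non-loopback address. The parser takes ss-style lines on stdin so it can be exercised on constructed input; OLLAMA_PORT and the --check flag are assumed names.

```bash
#!/usr/bin/env bash
# Added example, not part of the skill: before sending finding summaries to
# the Ollama endpoint, confirm that the port is only bound to loopback.
# The parser reads `ss -ltnH` style lines so it can be checked on
# constructed input; OLLAMA_PORT is an assumed variable name.
set -euo pipefail

OLLAMA_PORT="${OLLAMA_PORT:-11434}"

# Read listener lines (State Recv-Q Send-Q Local:Port Peer:Port) on stdin.
# Print each local address bound to port $1 that is not loopback and
# return 1 if there was any; return 0 when every binding is loopback.
non_loopback_listeners() {
    local port="$1" bad=0 _state _rq _sq local_addr _rest host
    while read -r _state _rq _sq local_addr _rest; do
        [ -n "$local_addr" ] || continue
        # Port is everything after the last colon; this also handles
        # IPv6 forms such as [::]:11434 and [::1]:11434.
        [ "${local_addr##*:}" = "$port" ] || continue
        host="${local_addr%:*}"
        case "$host" in
            127.*|'[::1]'|localhost) ;;              # loopback only: fine
            *) printf '%s\n' "$host"; bad=1 ;;      # 0.0.0.0, *, [::], LAN IP
        esac
    done
    [ "$bad" -eq 0 ]
}

# Live check on Linux (needs iproute2's ss). Returns 1 if the port is
# reachable from other hosts, so the triage step can abort before any
# finding leaves the machine. A host firewall may still block the port,
# so this is a necessary check, not a sufficient one.
check_ollama_bind() {
    if ! command -v ss >/dev/null 2>&1; then
        echo "ss not available; inspect the listener manually" >&2
        return 2
    fi
    ss -ltnH | non_loopback_listeners "$OLLAMA_PORT"
}

# Usage: ollama_bind_check.sh --check   (exit 1 means the port is exposed)
if [ "${1:-}" = "--check" ]; then check_ollama_bind; fi
```

Run it as a gate in front of the curl call; an Ollama started with OLLAMA_HOST=0.0.0.0 shows up here as a 0.0.0.0 or [::] binding and the triage step should stop rather than post findings to it.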
