Skill v1.0.3
ClawScan security
Docs Sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 8, 2026, 7:26 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (reading the repo, running git/gh, and making edits/PRs/issues) matches its description, but the package metadata omits the declared runtime requirements (git and the GitHub CLI / auth), which is an incoherence you should resolve before trusting it.
- Guidance: This skill appears to do what it claims (discover docs, draft edits, and optionally commit or open issues), but the package metadata fails to declare its real runtime requirements. Before installing or enabling it: (1) verify that you have git and the GitHub CLI (gh) installed and that gh is authenticated as the intended user; (2) run the skill in 'review first' mode (do not allow direct apply) the first few times so you can inspect proposed changes; (3) consider running it on a fork or branch instead of the primary branch; (4) ask the skill author to update the registry metadata to list git/gh and to document expected GitHub permissions; and (5) do not grant the agent broader system access — the skill does not need other credentials or system files.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes a docs-sync agent that discovers the repo, reads docs, drafts edits, commits/branches, and can create GitHub issues — all coherent with the stated purpose. However, the metadata lists no required binaries or credentials while the runtime instructions explicitly require git and the GitHub CLI (gh) and rely on gh being authenticated. The missing declaration is an inconsistency.
- Instruction Scope (ok): Instructions stay within the repo/documentation domain: they run git/gh commands, read repo files, map changes to doc roles, draft edits, and optionally commit or create issues. There are no instructions to read unrelated system files, send data to third-party endpoints outside GitHub, or access unrelated credentials.
- Install Mechanism (note): This is an instruction-only skill with no install spec or code files (low install risk). The only practical runtime dependency is external tooling (git and gh), which the SKILL.md lists but the skill metadata does not — this mismatch should be fixed so users know what will actually be invoked.
- Credentials (concern): The skill does not declare any environment variables or primary credential, but it expects an authenticated gh CLI. That means it will act with whatever GitHub identity the local gh client has (it can read repo details and create commits/issues). Not requesting tokens directly is reasonable, but the metadata omission hides the fact that the skill will operate with the user's GitHub auth and privileges.
- Persistence & Privilege (ok): always:false and no installs or cross-skill config writes. The skill can make changes to the repo (commits, branches, issues) if allowed by the user's gh auth — this is normal for the purpose and is user-controlled by gh authentication and by whether the agent is allowed to 'apply' vs 'review'.
