Skillv1.0.0

ClawScan security

Cool Agent Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 20, 2026, 5:06 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's commands match its stated sysadmin purpose, but the runtime instructions allow potentially destructive actions (deleting logs, killing processes) without safeguards and the metadata omits declaring required system tools — proceed with caution.
Guidance: This skill is coherent for system administration, but it contains high-impact commands (delete logs, kill processes) and omits declaring which system tools it needs. Before installing: (1) only allow human-in-the-loop invocation or require explicit confirmations for destructive actions; (2) run the agent in a restricted/test environment with limited privileges (avoid root) and backups available; (3) ask the author to document required binaries and to replace broad commands (e.g., pkill -f python, find ... -delete) with safer, interactive alternatives or add confirmation/whitelisting; (4) if you must allow autonomous runs, add strict policies/logging and limit which commands the agent may execute. If you cannot enforce these controls, treat the skill as risky and avoid installing it on production hosts.

Review Dimensions

Purpose & Capability: noteName/description match the provided commands (system monitoring, logs, processes, network). However, the skill declares no required binaries or config yet the instructions rely on many standard system tools (curl, docker, netstat/ifconfig/ip, journalctl, pkill/kill, tar, find, du, etc.). This omission is sloppy and should be clarified but is not inherently malicious.
Instruction Scope: concernSKILL.md directly instructs the agent to execute system-level commands including destructive operations (e.g., find /var/log -name "*.log" -mtime +7 -delete, pkill -f python, kill -9). There are no safeguards, confirmation steps, or policies about when to run destructive actions. The instructions give broad discretion to run commands on the host, which increases risk if the agent is allowed to act autonomously.
Install Mechanism: okInstruction-only skill with no install spec or code files. This minimizes supply-chain risk because nothing is written or downloaded by the skill itself.
Credentials: okThe skill requests no credentials or environment variables, which is appropriate for local sysadmin tooling. Note: it does assume access to host filesystem and container runtime (docker) — reasonable for the stated purpose but should be acknowledged to users who expect limited agent permissions.
Persistence & Privilege: notealways:false (no forced presence). The skill permits model invocation (normal), which combined with the instruction scope (destructive commands) increases risk if the agent is allowed to act autonomously. The skill does not attempt to modify other skills or system-wide configurations.