ClawSentinel
Pass
Audited by ClawScan on May 1, 2026.
Overview
ClawSentinel appears to be a coherent instruction-only security-auditing skill, with no code execution, credentials, persistence, or hidden high-impact behavior shown in the artifacts.
This skill looks safe to install from the provided artifacts, but treat it as an advisory scanner rather than a guaranteed security authority. Be aware that it may fetch public GitHub content when you explicitly request a repository audit, and consider provenance because no source or homepage is listed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you ask it to audit a GitHub repository, your agent may fetch public files from GitHub.
The skill may direct the agent to retrieve public GitHub content, but the network access is disclosed, user-directed, and coherent with repository auditing.
"Only fetches raw.githubusercontent.com when you explicitly audit a public GitHub repo"
Use it only on repositories you intend to review, and do not assume it audits private or non-GitHub sources unless separately configured.
You have less external information to verify who maintains the skill or whether the registry entry matches an upstream project.
For a security scanner, limited source and homepage provenance makes it harder for users to verify authorship or maintenance history, though no code or install script is present.
Source: unknown; Homepage: none
Prefer security tools with clear source links and version history when provenance matters.
The wording may encourage extra trust in the scanner's results or guarantees.
The skill uses strong safety/privacy guarantees and fear-oriented language; this is not malicious by itself, but users should not over-rely on the claims without independent verification.
"100% local read-only analysis ... Zero telemetry in base version ... ClawHub is infested right now."
Treat scan output as advisory and combine it with other review practices for important installations.
