Skill v2.0.0

ClawScan security

Baby Guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 6:57 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions match a baby-care guide: no network calls or secret access are requested; the only minor oddities are an undocumented 'emergency' subcommand and an extra helper script unrelated to baby content that writes a local data/log directory.
Guidance
This skill appears to implement a baby-care reference and does not try to exfiltrate data or require credentials. Before installing or running: (1) inspect scripts/script.sh — it will create ~/.local/share/baby-guide (or $XDG_DATA_HOME/baby-guide) and append to a history.log; if you don't want local logging, remove or edit that file. (2) Note the 'emergency' command in scripts/baby.sh is available though not listed in SKILL.md; review its output to ensure it matches your expectations. (3) No network access or secrets are requested, but always avoid running skills from unknown sources on sensitive systems — consider running in a sandbox or reviewing the full scripts if you have concerns. Finally, remember the guidance is for reference only and advise users to consult a pediatrician for medical decisions.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose is baby care and the primary script (scripts/baby.sh) implements milestone/food/education/vaccine functionality as described. However, the package also includes scripts/script.sh (a design-helper that logs to $XDG_DATA_HOME or $HOME/.local/share/baby-guide), which is unrelated to baby guidance and not referenced in SKILL.md; this is a mild mismatch but not clearly malicious.
Instruction Scope
note: SKILL.md directs the agent to run scripts/baby.sh for the declared commands and those commands are implemented in the script. There is a small mismatch: baby.sh exposes an 'emergency' command in its help/case statement that is not listed in SKILL.md's command table. The script only prints guidance and does not attempt to read unrelated system files or transmit data.
Install Mechanism
ok: This is an instruction-only skill with embedded scripts; there is no install specification, no external downloads, and nothing is fetched at runtime. That limits the risk of arbitrary remote code being pulled in.
Credentials
note: The skill declares no required environment variables or credentials. The included scripts do reference typical environment variables (BABY_GUIDE_DIR, XDG_DATA_HOME, HOME) in scripts/script.sh to create a local data directory and append a history.log; this is disproportionate to a purely read-only guidance tool but not inherently dangerous. No secrets are requested or accessed.
Persistence & Privilege
ok: always:false (no forced permanent inclusion). The skill does not request system-wide privilege or attempt to alter other skills or agent configs. The only persistent effect would occur if scripts/script.sh is run: it creates a $DATA_DIR and appends to history.log in the user's data directory.