Skill v0.1.0

ClawScan security

fzf · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 4:36 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is coherent with its stated purpose (teaching and automating fzf install/configuration); it only contains shell instructions and helper functions consistent with a command-line integration guide, but it will modify shell config and run installers that require network/sudo, so the user should review and approve those actions.
Guidance
This skill is internally consistent for teaching and automating fzf usage, but it will: (1) run network installs (brew, apt, curl/git clone from GitHub) and may use sudo to move binaries; (2) edit your shell startup files (~/.bashrc, ~/.zshrc) to add eval lines, exports, and functions; (3) provide helper functions that can run destructive commands (kill, rm, docker stop, eval history entries). Before allowing the agent to act: back up your dotfiles, review the exact install commands the agent proposes, verify downloads come from github.com/junegunn/fzf, and be cautious when authorizing actions that require sudo or that execute code from your history or selected items. If you prefer manual control, ask the agent to only show the commands to run (don’t execute them).

Review Dimensions

Purpose & Capability
ok · Name/description (fzf fuzzy finder) match the included content: installation steps, shell integration, examples, and helper scripts. All requested actions (installing fzf, editing shell rc files, integrating with fd/bat/rg/docker/git) are expected for this capability. Minor inconsistency: SKILL.md metadata lists 'requires: fzf' while the registry metadata shows no required binaries; functionally the skill expects fzf to be present or to be installed.
Instruction Scope
note · Instructions tell the agent to check/install fzf, edit ~/.bashrc|~/.zshrc (eval "$(fzf --bash|--zsh)"), run package manager commands, clone GitHub, download releases, and add many helper functions. Those actions are within the skill's stated purpose. Some helper functions use eval (fh), kill/xargs (fkill), rm (safe_delete), docker exec/stop, and execute bindings — these execute or build commands and thus can perform destructive operations if used incorrectly. This is expected for a CLI toolkit but worth user awareness.
Install Mechanism
ok · There is no formal install spec in the registry; the docs recommend standard, well-known install methods: Homebrew, package managers, git clone from the official GitHub, or GitHub releases (curl from github.com/junegunn/fzf). These are common and traceable installation methods; no obscure download hosts or shortcuts are used.
Credentials
ok · The skill declares no environment variables or credentials. It references common environment variables like EDITOR and standard paths (~/.fzf, ~/.bashrc), which are appropriate. There are no requests for unrelated secrets or external tokens.
Persistence & Privilege
note · The skill will (per its instructions) modify user shell configuration files, clone into ~/.fzf, and may run installers requiring elevated privileges (sudo mv /usr/local/bin). 'always' is false and the skill is user-invocable. Modifying dotfiles and installing binaries is expected for this skill but is a persistence/privilege-impacting action the user should confirm.