Skill v0.2.0
ClawScan security
Skill Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 7, 2026, 7:54 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's name, description, and requested resources are coherent and it appears to be a pure-Python analyzer, but the included analyzer.py has multiple logic bugs and naive checks that can produce incorrect/misleading results and a truncated function that may crash — review before running.
- Guidance: This skill is internally coherent (a Python tool that analyzes skills) but exercise caution before running it on important data. Key points:
  - The analyzer is pure-Python and requests no secrets or installs, which reduces the risk of exfiltration, but you should still inspect scripts/analyzer.py before executing it.
  - The analyzer contains logic bugs: the scoring math is inconsistent with the documented 0-10 scale (the code scales to 0-100), and the risk-assessment function is truncated (an unfinished 'ret' token), which will likely crash or misreport risk. Expect unreliable/misleading results until those are fixed.
  - The security checks are heuristic: secret detection and eval/exec detection are simplistic and can miss issues or generate false positives. Do not rely solely on its output for security-critical decisions.
  - Recommended actions: (1) manually review scripts/analyzer.py for the truncated function and other logic issues, (2) run it first in an isolated/sandbox environment and against non-sensitive test skills, (3) if you plan to use its reports for decisions, validate a few results manually and consider improving its heuristics before trusting its risk scores.
  - If you want, I can list the specific buggy code locations and suggest precise fixes to make the analyzer safer and more accurate.
Review Dimensions
- Purpose & Capability (ok): Name/description match the delivered artifacts: a Python-based skill quality analyzer. No unexpected env vars, binaries, or install steps are requested. Including scripts/analyzer.py is reasonable for this purpose.
- Instruction Scope (concern): SKILL.md instructs running the included Python analyzer and claims it is 'safe to run on any skill' and 'does not modify analyzed skills'. The code reads SKILL.md and script files under the target path (expected), but contains several problematic/naive behaviors: manual frontmatter parsing that can be brittle, simplistic heuristics for CLI detection and secret detection (likely false negatives/positives), and a truncated _assess_risk implementation (unfinished 'ret' token) that will cause runtime errors or incorrect risk reporting. These mean the tool can crash or produce misleading scores.
- Install Mechanism (ok): No install specification (instruction-only with bundled script). That is low-risk from an installation standpoint — nothing is automatically downloaded or written to disk by an installer.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The analyzer only reads files under the supplied skill path; it does not declare access to unrelated secrets or services.
- Persistence & Privilege (ok): The skill is not forced-always, does not request system-wide persistence, and the code does not appear to modify global agent configuration. It reads files but does not declare any persistent privileges.
