Skill v1.0.0
ClawScan security
ddday · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 31, 2026, 3:40 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are largely coherent with a local
- Guidance: This skill appears to do what it says (scanning projects and building migration bundles) but has important privacy risks by default. Before installing or running it: 1) Only register explicit project paths — never add home (~/) or root, or entire disks. 2) Review workspace.json after adding projects to ensure paths are correct. 3) Expect the export/snapshot to include everything in each registered project directory; explicitly exclude directories or file patterns that contain secrets (e.g., .env, credentials, private keys, build artifacts). 4) Inspect any generated bundle before transferring it off-device. 5) Don't enable the optional cron until you have a reviewed generate_dashboard.py script in place and are confident about what gets collected. 6) If you need assurance the skill won't collect agent memory or other sensitive config, ask the author (or review the missing Mode 4 export details) — the truncated instructions make it unclear whether 'AI memory' or other agent files are collected. Additional information that would change this assessment: the full Mode 4 export procedure, explicit exclusion rules for secrets, and confirmation that no network upload of bundles occurs.
Review Dimensions
- Purpose & Capability (note): The skill claims to scan registered projects and produce migration bundles; the required tools and actions (reading project files, running git, find, writing logs) align with that purpose. It does not request unrelated credentials or binaries.
- Instruction Scope (concern): The runtime instructions direct the agent to read arbitrary files under each registered project, run git commands, and produce a bundled 'snapshot' that includes 'all data' and 'AI memory'. The instructions do not enumerate safe exclusions (e.g., .env, secret files) and are vague about what 'AI memory' includes. That vagueness could lead to accidental collection of sensitive files or agent memory outside the intended scope.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files — low install risk. It instructs the user to create a local symlink into $HOME/.claude/skills, which is a benign, local setup step for an agent skill.
- Credentials (note): The skill requests no credentials or config paths, which is proportional. However, because it reads arbitrary project directories and packs 'all data', it can still collect secrets that happen to be in those directories; the skill does not require or declare access to any external credentials but can exfiltrate local secrets if misused.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated platform privileges. It does instruct creating a symlink within the user's skills directory (normal). No instructions were found that modify other skills or system-wide configurations beyond the skill's own path.
