Skillv0.1.0

ClawScan security

diffmanifests · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 10, 2026, 2:13 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's description, runtime instructions, and bundled config are coherent for a manifest-diff CLI; the only notable runtime risk is that it tells the agent to pip-install an external package (expected but requires vetting).
Guidance: This skill is internally consistent for comparing manifest XMLs via Gerrit/Gitiles. Before installing or running it: 1) Inspect the PyPI package (diffmanifests) on PyPI/GitHub to confirm the code does what you expect — don't blindly run `pip install`. 2) Provide credentials only if needed and prefer limited-scope tokens/accounts. 3) Run the tool in an isolated environment (container/VM) if you have concerns about installing third-party packages. 4) If you need higher assurance, ask the skill author for the package source or vendor-signed release rather than installing blindly from the network.
Findings: [no_code_files] expected: The regex scanner had no code to analyze because this is an instruction-only skill (SKILL.md + config.json). That is consistent with the skill design: it relies on an external PyPI package rather than bundling code.

Review Dimensions

Purpose & Capability: okName/description match the instructions: the skill directs use of a diffmanifests CLI that queries Gerrit/Gitiles and outputs JSON/txt/xlsx reports. The included config.json contains Gerrit and Gitiles endpoints and optional credentials, which is appropriate for the stated purpose.
Instruction Scope: okSKILL.md confines actions to installing the diffmanifests CLI, reading a config JSON (bundled or user-supplied), reading two manifest XML files, and writing an output file. It does not instruct reading unrelated system files, environment variables, or exfiltrating data to unexpected endpoints beyond Gerrit/Gitiles.
Install Mechanism: noteThere is no install spec in the skill bundle; instead the instructions tell the agent to run `pip install diffmanifests`. Installing a package from PyPI at runtime is a normal choice but is a moderate-risk operation because it pulls third-party code to disk and executes it. The skill itself does not include the package code to review.
Credentials: okNo environment variables or system config paths are requested by the skill. The config.json exposes fields for Gerrit/Gitiles user and pass (username/token), which are expected and proportionate to contacting those services.
Persistence & Privilege: okThe skill does not request persistent or elevated platform privileges, is not always-enabled, and does not modify other skills or global agent configuration. Autonomous invocation is allowed but is the platform default and not excessive here.