Skill v1.0.0
ClawScan security
auto-git · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 5:13 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's description matches a simple Git/GitHub helper, but the runtime instructions reference a PowerShell script that is not included and tell the user to run PowerShell with ExecutionPolicy Bypass — this inconsistency and the encouragement to bypass execution policy are concerning.
- Guidance
- Do not run unsigned or missing scripts with ExecutionPolicy Bypass. Before installing or using this skill: (1) Ask the publisher for the missing 'github-deploy-skill.ps1' and review its full source locally — do not execute it blind. (2) Prefer not to use '-ExecutionPolicy Bypass' unless you understand and trust the script contents. (3) Ensure git and gh are installed and that your GitHub auth is configured through gh (so tokens remain under your control). (4) Ask for a homepage or source repo / verify the author; the package currently lacks provenance. If the author cannot supply the script content or a trustworthy source, treat the skill as unsafe to run.
Review Dimensions
- Purpose & Capability
- concern: The skill claims to be a PowerShell-based GitHub deploy helper and refers to an included file 'github-deploy-skill.ps1', but that file is not present in the package. Requiring a local script to perform commits and pushes is reasonable, but referencing a non-existent script is incoherent and unexplained.
- Instruction Scope
- concern: Instructions are narrowly scoped to git/gh operations (commit, push, optional repo creation), which is appropriate. However, they explicitly recommend running a script with 'powershell -ExecutionPolicy Bypass -File ...', which bypasses PowerShell execution policy and makes it easier to run unsigned/remote code. Because the actual script content is missing, the instructions implicitly push the operator to obtain or run external code — a potentially risky/ambiguous action.
- Install Mechanism
- ok: There is no install spec and no files are written to disk by the skill itself (instruction-only). This is low-risk behavior in isolation. The skill does require the external binaries 'git' and optionally 'gh', but does not attempt to install them.
- Credentials
- note: No environment variables or credentials are requested by the skill metadata. The runtime behavior (use of the GitHub CLI 'gh') will rely on whatever GitHub authentication the user already has configured; this is proportionate. However, because the script is missing, it's unclear whether it would access any other credentials or config files.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not request persistent system presence or modify other skills' configs. Autonomous invocation is allowed by default (normal) and is not by itself a concern here.
