Skill v0.1.11

ClawScan security

use-maskrun · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 28, 2026, 2:34 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, purpose, and requirements are internally consistent: it only recommends wrapping potentially sensitive shell commands with maskrun to mask printed environment values and does not request unrelated credentials or system access.
Guidance
This skill is coherent and low-risk: it only advises wrapping shell commands with maskrun to prevent printing sensitive environment values. Before relying on it, (1) verify the maskrun installer you use — prefer package manager installs (brew, npm) or GitHub release assets and review any install script before piping to sh, (2) remember maskrun only masks output; it does not sandbox or stop a command from reading env vars or exfiltrating secrets over the network, so do not treat it as a substitute for least-privilege or network controls, (3) review and tighten maskrun's filter config (exact/glob/regex) to ensure it covers your secret names, and (4) if an agent will run many commands autonomously, ensure you understand when it will use maskrun and that masking patterns are appropriate for your environment.

Review Dimensions

Purpose & Capability
ok
Name/description match the behavior in SKILL.md: the skill's sole function is to advise using maskrun to avoid leaking environment values. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
ok
Runtime instructions are narrowly scoped to wrapping commands with `maskrun --` and configuring maskrun. The SKILL.md does not instruct the agent to read unrelated files, harvest credentials, or transmit data to external endpoints. It explicitly documents maskrun's safety boundary (output masking only).
Install Mechanism
note
The skill is instruction-only (no install spec), which is low-risk. The included installation examples reference GitHub releases, brew, and npm — appropriate for the project — but also show a curl | sh installer pattern. Piping remote scripts to sh is common but increases risk unless the installer is audited or comes from a trusted source.
Credentials
ok
The skill requests no environment variables or credentials. Its guidance deals with masking environment-derived values but does not request access to them. This is proportionate to the stated purpose.
Persistence & Privilege
ok
The skill is user-invocable and not always-enabled; it does not request persistent privileges or modify other skills or system-wide settings. It simply advises how to run commands and how maskrun's config is stored in normal per-user locations.