Skill v1.0.0
ClawScan security
Dark-Factory-Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 5, 2026, 1:25 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely implements a local spec-validator/test/orchestrator pipeline that matches its stated purpose, but several claims (true cryptographic signing; actually executing generated code/tests) are misleading, and the runtime instructions use hard-coded paths. Review before use, and do not treat reports as legally-signed proof or as evidence of real test execution without additional controls.
- Guidance: This skill is plausible for local specification validation and mock behavioral testing, but do not assume its reports are cryptographically signed or that generated code is actually compiled/executed. Specifically:
  - Cryptographic signing: The orchestrator embeds a SHA-256 digest of the report and states 'In production, sign with a private key'; there is no private-key signing or key management. A SHA-256 digest alone does not provide non-repudiation. If you need verifiable signatures, add a real signing step and secure key storage.
  - Code generation & test execution: The code-generation and test stages are placeholders that simulate success/failure with randomness and return stub files; the orchestrator does not run the generated source through a test runner or execute the generated binaries. Do not rely on this skill for real CI verification without replacing stubs with real generation and test execution.
  - Hard-coded paths: SKILL.md examples use absolute paths under /home/ubuntu/skills/...; ensure the runtime environment matches or adjust paths, since running the scripts on a different layout may fail.
  - Safe usage recommendations: Run the skill in an isolated/sandbox environment, inspect the generated outcome_report.json before trusting it, and treat the report digest as an integrity checksum rather than a cryptographic signature unless you extend the workflow with private-key signing. If you intend autonomous pipeline use with real production specs or secrets, add access controls and integrate real test runners and signing infrastructure first.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description (validate specs, run behavioral tests, generate code, execute tests, produce cryptographically signed reports) broadly matches the included scripts. However, two important capability mismatches exist: (1) 'cryptographically signed outcome reports' is implemented only as a SHA-256 digest stored in the report (no private-key signature or key management), and (2) code generation and unit/integration test steps are simulated/stubbed (randomized pass/fail and placeholder generated files) rather than actually invoking a code-generation backend or executing real test suites. These are material gaps between the advertised capabilities and what the code actually performs.
- Instruction Scope (note): SKILL.md instructs running the included Python scripts and references absolute paths like /home/ubuntu/skills/dark-factory/scripts/*. The runtime instructions and scripts operate only on provided specification JSON files and write local outcome reports; they do not read unrelated system files or request credentials. However, the docs reference integrating with other skills (intent-engineering, feedback-loop) and a unified orchestrator; those integrations are only procedural examples and not implemented here. Also, the orchestrator does not actually execute generated source code or run real test frameworks; it simulates those steps.
- Install Mechanism (ok): No install spec (instruction-only with bundled scripts). Nothing is downloaded or executed from remote URLs; all code is included with the skill. This minimizes install-time risk.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. The code uses only local filesystem I/O for specs and reports and standard library modules (json, hashlib, etc.). No secrets or external credentials are requested or used.
- Persistence & Privilege (ok): always:false and default agent invocation are used. The skill writes output files to the specified output directory (creates directories if needed) but does not attempt to modify other skills' config or system-wide settings. Autonomous invocation is permitted by platform default; not a unique risk here.
