Cobra Claw - Strike First. Strike Hard
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a simple themed personality/lookup skill with small local shell scripts and no evidence of credential access, networking, persistence, or destructive behavior.
This skill appears safe to install based on the provided artifacts. Be aware that it includes bash scripts, so inspect any external version before running it and use the included CLI only with expected kata names.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the CLI may execute local shell scripts from the skill directory.
The CLI can execute a local kata script selected by an argument. This is disclosed and central to the skill's purpose, and the included kata scripts only echo text.
if [ -x "$SCRIPT_DIR/katas/${kata}.sh" ]; then
    "$SCRIPT_DIR/katas/${kata}.sh"
Run only the reviewed included scripts and avoid passing untrusted or unexpected kata names.
If a user clones the external repository, they may receive code that differs from the reviewed artifacts.
The README points users to clone an external repository, while the registry source is listed as unknown. This is user-directed setup guidance, not automatic execution.
git clone https://github.com/danieloleary/cobraclaw.git
Prefer the reviewed registry package, or verify the external repository and inspect files before running its scripts.
