Skill v1.0.0

ClawScan security

Nervix Onboarding · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 16, 2026, 5:04 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's high-level purpose (onboarding and publishing) is plausible, but the runtime instructions reference credentials, CLI tools, and persistence actions that are not declared in the skill metadata — this mismatch deserves caution before installation.
Guidance
This skill generally does what it says (onboarding and publishing), but the SKILL.md expects tools and secrets that the registry metadata does not declare. Before installing or running:
1) Verify the skill's origin or vendor (who maintains the nervix CLI and the nervix.ai endpoints).
2) Expect to need Node.js 22+, corepack/pnpm, the Nervix CLI, and a CLAWHUB_API_TOKEN; confirm exactly which env vars and CLI binaries will be used.
3) Review any local repository files referenced (server/clawhub-publisher.ts, client pages) before running enrollment/publish steps.
4) Limit the scope of any tokens you supply (least privilege, short-lived tokens where possible) and store them securely.
5) If you need higher assurance, ask the publisher to update the skill metadata to declare the required binaries and env variables (and to supply a trusted install path for the Nervix CLI). If the publisher cannot clarify, treat the skill as untrusted and perform onboarding manually or in an isolated environment.

Review Dimensions

Purpose & Capability
Concern: The stated purpose (onboarding agents into Nervix and publishing to ClawHub) matches the instructions' actions (checking endpoints, enrolling, publishing). However, the skill metadata declares no required binaries or environment variables, while the SKILL.md explicitly expects Node.js 22+, corepack/pnpm, a Nervix CLI, and CLAWHUB_API_TOKEN. This undocumented requirement is an incoherence: a legitimate onboarding/publish skill would reasonably need those tools and credentials and should declare them.
Instruction Scope
OK: The SKILL.md stays on-topic: it instructs verifying Nervix endpoints, running an enrollment flow, building a skill bundle, and publishing to ClawHub. It does instruct persisting agentId/access/refresh tokens and signing nonces with an agent keypair, actions that are expected for enrollment flows but that involve creating and storing sensitive credentials. There are no instructions to read unrelated system paths or exfiltrate data to unexpected endpoints.
Install Mechanism
OK: This is an instruction-only skill with no install spec or code files, which is the lowest filesystem installation risk. No downloads or installers are defined in the skill bundle.
Credentials
Concern: The documentation requires sensitive items (CLAWHUB_API_TOKEN, an agent keypair for signing, agent tokens) and external tooling (Nervix CLI, Node.js/pnpm), but the registry metadata lists no required environment variables or binaries. The mismatch means the skill may prompt for or expect secrets at runtime that were not declared up-front; users should confirm exactly which credentials are needed and ensure they are appropriately scoped before use.
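As an added illustration of the metadata/SKILL.md mismatch called out under Purpose & Capability and Credentials (and in guidance steps 2 and 5), here is a small pre-install check written for this page; it is not ClawScan's scanner, nor code from ClawHub or the Nervix skill. It assumes a hypothetical registry metadata shape with `requires.env` and `requires.bins` lists, and the SKILL.md excerpt it scans is constructed from the findings above.

```typescript
// Added example (not ClawHub's scanner): compare what a SKILL.md actually
// references (env vars, CLI binaries, secret persistence) with what the
// registry metadata declares. The metadata shape below (requires.env /
// requires.bins) is an assumption made for this illustration.

interface SkillMetadata {
  name: string;
  version: string;
  always?: boolean;
  requires?: { env?: string[]; bins?: string[] };
}

export interface MismatchReport {
  undeclaredEnv: string[];
  undeclaredBins: string[];
  persistsSecrets: boolean;
  verdict: "ok" | "suspicious";
}

// Constructed sample inputs modelled on the findings on this page.
export const SAMPLE_METADATA: SkillMetadata = {
  name: "nervix-onboarding",
  version: "1.0.0",
  always: false,
  // no requires block: the registry declares neither env vars nor binaries
};

export const SAMPLE_SKILL_MD = [
  "# Nervix Onboarding",
  "Requires Node.js 22+ and corepack/pnpm.",
  "1. Run `nervix status` to verify the nervix.ai endpoints.",
  "2. Export CLAWHUB_API_TOKEN before publishing.",
  "3. Run `pnpm build`, then `nervix enroll`; persist the agentId, access token",
  "   and refresh token, and sign each nonce with the agent keypair.",
].join("\n");

// Binaries worth checking for; a real scanner would carry a much longer list.
const KNOWN_BINS = ["corepack", "nervix", "node", "npm", "npx", "pnpm"];

function unique(items: string[]): string[] {
  const seen: { [k: string]: true } = {};
  const out: string[] = [];
  for (const it of items) {
    if (!seen[it]) { seen[it] = true; out.push(it); }
  }
  return out.sort();
}

// SCREAMING_SNAKE_CASE identifiers are treated as environment variables.
export function extractEnvVars(md: string): string[] {
  const re = /\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b/g;
  const hits: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(md)) !== null) hits.push(m[0]);
  return unique(hits);
}

// Whole-word, case-insensitive match so "Node.js" counts as the node binary.
export function extractBins(md: string): string[] {
  return KNOWN_BINS.filter((b) => new RegExp("\\b" + b + "\\b", "i").test(md));
}

// Persisting tokens/keys is normal for enrollment, but it must be reviewed.
export function mentionsSecretPersistence(md: string): boolean {
  return /\b(persist|store|save)\b[^.\n]*\b(token|key|secret)/i.test(md);
}

export function checkDeclarations(meta: SkillMetadata, md: string): MismatchReport {
  const declaredEnv = meta.requires?.env ?? [];
  const declaredBins = meta.requires?.bins ?? [];
  const undeclaredEnv = extractEnvVars(md).filter((e) => declaredEnv.indexOf(e) < 0);
  const undeclaredBins = extractBins(md).filter((b) => declaredBins.indexOf(b) < 0);
  return {
    undeclaredEnv,
    undeclaredBins,
    persistsSecrets: mentionsSecretPersistence(md),
    verdict: undeclaredEnv.length + undeclaredBins.length > 0 ? "suspicious" : "ok",
  };
}

// What the publisher would have to declare for the same SKILL.md to pass.
export const FIXED_METADATA: SkillMetadata = {
  ...SAMPLE_METADATA,
  requires: { env: ["CLAWHUB_API_TOKEN"], bins: ["corepack", "nervix", "node", "pnpm"] },
};

console.log(JSON.stringify(checkDeclarations(SAMPLE_METADATA, SAMPLE_SKILL_MD), null, 2));
console.log(checkDeclarations(FIXED_METADATA, SAMPLE_SKILL_MD).verdict);
```

Run against the constructed inputs, the undeclared metadata yields a "suspicious" verdict with CLAWHUB_API_TOKEN and four binaries flagged; the same SKILL.md with the declarations filled in passes. The secret-persistence flag is informational only, since enrollment flows legitimately store tokens; what matters is that the reviewer sees it before running the skill.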
Persistence & Privilege
Note: The skill recommends persisting agentId/access/refresh tokens and running a heartbeat. That is normal for onboarding. The skill is not set to always:true and does not request system-wide privilege. Still, because it stores and uses long-lived tokens, confirm secure storage and token scoping prior to running enrollment steps.