Skill v1.0.1
ClawScan security
Github Private Repo SSH Routing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 4:47 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are coherent with its stated purpose (diagnosing SSH host aliases and Git remotes for private GitHub repos) and request only the local, read-only checks needed for that task.
- Guidance: This skill appears to do what it says: local, read-only diagnosis of SSH aliases, keys, and Git remotes. Before running anything: (1) review the audit output yourself — it will list ~/.ssh filenames and permissions, which are sensitive (don't paste them in public); (2) run the bundled script only on machines you control; (3) expect the script to require git and ssh on PATH (the metadata omission is just a documentation gap); and (4) follow the SKILL.md advice to inspect before editing remotes or config files (fixing remotes without checking automation sources can lead to config drift). If you need higher assurance, open the script and reference files locally to confirm there are no network calls or hidden write actions (none are present).
Review Dimensions
- Purpose & Capability (ok): The name/description, README guidance, reference docs, and bundled audit script all focus on SSH alias, key, and Git remote diagnosis for GitHub private repos. The actions (ls ~/.ssh, sed ~/.ssh/config, git remote, ssh -G, ssh -T, git ls-remote) are appropriate for that purpose. Minor metadata omission: the skill metadata lists no required binaries even though the script expects git and ssh; this is a documentation gap, not a functional mismatch.
- Instruction Scope (ok): SKILL.md and the script limit themselves to local, read-only inspection and diagnostic commands. They reference only local SSH files, permissions, and git metadata and do not instruct sending data to external endpoints. The script prints filenames and permission info (which is sensitive but relevant to diagnosis); overall the scope stays within the stated troubleshooting domain.
- Install Mechanism (ok): There is no install spec (instruction-only, with a helper script included), so nothing is downloaded or installed. This minimizes install-time risk.
- Credentials (ok): The skill does not request environment variables, credentials, or config paths beyond reading standard SSH and repo files under the user's home directory. Example text references OpenClaw config for context, but the skill does not demand access to unrelated secrets or services.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable. It does not request persistent installation, nor does it modify other skills or global agent settings. The workflow recommends manual edits by the user; the provided script performs only read-only auditing.
