Skill v2.1.0

ClawScan security

Erp Integration Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 15, 2026, 3:20 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions match its stated ERP-analysis purpose, but the package manifest requests network and filesystem permissions (and a Win32 restriction) that aren't justified or declared elsewhere — this mismatch is suspicious and worth verifying before installing.
Guidance
This skill appears to implement ERP integration analysis logic and expects user-provided files or data. Before installing: (1) ask the publisher why claw.json declares network and filesystem permissions — does the skill call external ERP APIs or fetch vendor data? (2) Confirm whether it will request or store any ERP credentials; none are declared. (3) Check the Win32-only restriction and the python3 requirement match your environment (on Windows the binary name may differ). (4) If you don't want any external network access, run it in a sandbox or deny network permission until the author clarifies the need. (5) Verify the publisher/homepage and the version mismatch between claw.json (2.0.0) and registry metadata (2.1.0). If you need higher assurance, request the full SKILL.md content from the author showing any network endpoints and credential use before enabling the skill.

Review Dimensions

Purpose & Capability
note: The SKILL.md contains detailed Python data models and analysis routines that align with the stated goal of mapping and optimizing ERP data flows for construction. However, the claw.json manifest requests filesystem and network permissions even though the skill declares no required credentials or external endpoints; that permission request is not clearly justified by the instructions.
Instruction Scope
ok: Instructions and instructions.md constrain the agent to use only user-provided data, file paths, or direct input and to validate inputs; the included Python code operates on supplied ERPs, integration points, and transaction logs. There are no explicit instructions to read unrelated system files or to transmit data externally in the visible SKILL.md content.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files to execute outside the agent. That minimizes install-time risk.
Credentials
concern: The skill declares no required environment variables or credentials, yet the manifest grants network permission. If the skill were to call external ERP APIs or vendor endpoints it would typically need credentials; those are not declared. This mismatch (network access without declared credentials or endpoints) is disproportionate and should be explained by the publisher.
Persistence & Privilege
ok: The manifest's always flag is false and the skill is user-invocable only; it does not request persistent or platform-global privileges. However, the manifest's filesystem and network permissions increase the potential blast radius even though the skill does not request persistent presence.