Skill v1.0.0
ClawScan security
Devin Floyd · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 18, 2026, 8:51 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to be a security scanner but provides no scanner code or install instructions — the README tells you to run python scan.py even though no scan.py or install spec is included, which is inconsistent and risky.
- Guidance: This skill reads like documentation for a scanner but does not include the scanner code. Do not run commands like python scan.py unless you first verify the code's provenance. Before installing or running:
  1. Inspect the referenced GitHub repository to confirm scan.py and the IOC database actually exist and review their source.
  2. Require an explicit install or packaging method (or include scan.py in the skill bundle) so you don't have to fetch code manually.
  3. If you must test untrusted scanner code, run it in a disposable sandbox/container and audit network calls and file access.
  4. Ask the publisher for a reproducible install/test procedure and for provenance (commit history, trusted maintainer).
  5. Prefer scanners distributed via well-known package sources or that include their code in the skill bundle.
  Providing the missing scan.py and an install spec (or a verified repo URL and commit hash) would materially increase confidence.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description say it's a security scanner, which would reasonably require a scanner binary/script or an install step. The SKILL.md shows CLI usage (python scan.py ...) and describes an IOC database, but the package contains no scan.py, no executable, and no install mechanism — a mismatch between claimed capability and what's actually provided.
- Instruction Scope (concern): Runtime instructions instruct the agent/user to run python scan.py against skills or paths and to produce JSON/markdown output, but there is no scan.py included and no guidance to obtain it. That gap could cause an agent or user to fetch and execute code from external sources without clear provenance.
- Install Mechanism (note): There is no install spec (instruction-only). That lowers persistence risk, but for a scanner this is unusual — a legitimate scanner would typically include code or an install step. A GitHub repo link is present in the SKILL.md, but no automated install/clone instruction is provided.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. The declared requirements (Python 3.8+, stdlib only) are proportionate to a simple static scanner. The SKILL.md does not instruct reading unrelated secrets or system files.
- Persistence & Privilege (ok): No elevated persistence requested (always:false). The skill is user-invocable and allows normal autonomous invocation, which is expected. It does not request system-wide configuration changes.
