Skill v1.0.0

ClawScan security

Env Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 4:30 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly just reads and prints environment variables, which is consistent with inspecting the environment, but its description and docs claim it can set and manage variables and run commands with a modified environment, while the bundled code only lists or prints values. This mismatch could surprise users and risks exposing secrets.
Guidance
This skill is coherent for inspecting environment variables, but its README and description overpromise: the included script only prints a single variable or lists all environment variables; it does not set variables or run commands with a modified environment. Before installing, consider: (1) Do not grant this to agents that run autonomously against environments containing secrets, because the script will reveal all environment variables. (2) Confirm how the platform executes the bundled script, since no install step is provided. (3) If you need a tool that sets variables or runs commands with a modified environment, update or replace the script; do not assume that functionality exists. (4) Review and test the script in an isolated environment first, and restrict its use to interactive, user-invoked sessions if you want to avoid accidental secret exposure.

Review Dimensions

Purpose & Capability
Concern: The name and description say "Display, set, and manage" environment variables, and the SKILL.md describes running commands with modified environments, but the included script (scripts/env.py) only reads and prints environment variables or a single variable's value. The advertised ability to set variables or run commands with a modified environment is not implemented.
Instruction Scope
Concern: The runtime instructions and examples focus on listing and querying variables (which matches the script) but also mention temporary assignments and running commands with modified environments, actions the code does not support. If run, the script prints all environment variables, including secrets, so using it can expose sensitive information; that behavior is consistent with "inspect", but the SKILL.md overclaims capabilities.
Install Mechanism
Note: There is no install spec (the skill is instruction-only), but a code file is included. Without an install step, the agent or platform must be able to execute scripts from the skill bundle; this is common, but you should confirm how and where the script will be executed. No external downloads or third-party packages are used.
Credentials
Concern: The skill declares no required credentials (which is fine), but the tool inherently reads and prints the entire process environment. That can reveal secrets (API keys, tokens) from the host environment. Requesting no environment variables is coherent, but the ability to enumerate every environment variable is powerful: users should assume anything in the environment can leave the host if the script's output is transmitted elsewhere.
Persistence & Privilege
OK: The skill does not request persistent presence (always: false) and does not modify other skills or system-wide settings. It does not request elevated privileges in the manifest.