Skill v1.0.0

ClawScan security

Free Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 4:53 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and declared purpose align: it reads /proc/meminfo to report memory stats, requests no credentials, and has no install steps. However, the SKILL.md advertises CLI options and packaging that the small script does not implement.
Guidance
This skill appears to do what it says: a tiny Python script that reads /proc/meminfo and prints memory fields. It requests no secrets and has no installer, so risk is low. Two caveats: (1) the README/SKILL.md advertises CLI options and an executable name that are not implemented, so expect to run the script directly (python3 scripts/free.py) or provide your own wrapper if you need those options; (2) because it reads /proc, it reveals system memory info (non-sensitive in most contexts), so consider whether exposing that to the agent is acceptable in your environment. If you want the documented CLI behavior, ask the author for a proper wrapper or update before installing.

Review Dimensions

Purpose & Capability
ok: Name/description (report system memory usage) match the included script, which reads /proc/meminfo and prints relevant memory lines. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
note: SKILL.md documents a CLI with options (-h, -m, -g, -t) and examples, but the included scripts/free.py does not parse arguments or implement those options. Also, SKILL.md implies an executable named `free-tool`, though no install mechanism or wrapper is provided. This is a usability/incoherence issue rather than a security risk.
Install Mechanism
ok: No install spec: instruction-only plus a tiny script. Nothing is downloaded or written to disk beyond the provided file, so install risk is minimal.
Credentials
ok: No environment variables, credentials, or external config paths are requested. The script reads /proc/meminfo, which is appropriate and proportionate for reporting memory usage.
Persistence & Privilege
ok: Skill is not always-on and does not request elevated persistence or modify other skills or system-wide settings. It can be invoked by the agent but has no broad privileges.