Skill v1.0.0

ClawScan security

Head Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 6:15 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is a simple file-preview tool and contains no network/credential behavior, but the documentation (SKILL.md) and declared usage claim features that the included script does not implement, so the package is internally inconsistent.
Guidance
This skill appears to be what it claims (a simple head-like viewer) and contains no network or credential requests, but the documentation and examples promise features (-c byte mode, -q quiet, multiple files) that the included script does not implement. Before installing or relying on it:
1) treat the package as untrusted code and review the script (it's short) or run it in a sandbox;
2) be aware the script reads entire files into memory (open(...).readlines()), which can cause large memory use on very big files; prefer a streaming implementation if you need to inspect huge logs;
3) if you need the advertised -c/-q/multiple-file behavior, either update the code or do not rely on this skill;
4) since the skill can read any file the agent has permission to access, avoid invoking it on sensitive paths unless you trust the environment.
If you want a fully coherent skill, ask the author to either update SKILL.md to match the code or extend the script to implement the advertised options and safe streaming/encoding handling.

Review Dimensions

Purpose & Capability
note
The stated purpose (show first lines of files) matches the supplied script: scripts/head.py prints the first N lines or reads from stdin. However, SKILL.md advertises additional options (-c to show bytes, -q quiet mode, multiple files) that the script does not implement; this mismatch is unexplained and could confuse users or hide missing functionality.
Instruction Scope
note
SKILL.md instructs the agent to run head-tool and to read from stdin when no file is specified, which the script follows. The instructions imply handling multiple files and byte-mode output, but the runtime code only accepts a single optional filename and a line-count flag, so the instruction set is broader than the actual code behavior.
Install Mechanism
ok
This is an instruction-only skill with one small Python script and no install spec; nothing is downloaded or installed automatically, which minimizes risk.
Credentials
ok
No environment variables, credentials, or config paths are requested or required; the script only reads files or stdin, which is consistent with its purpose.
Persistence & Privilege
ok
The skill does not request always-on presence and has normal invocable defaults; it does not modify system or other skills' configs.