Skillv1.0.0

ClawScan security

Id Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousApr 28, 2026, 10:05 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's description and SKILL.md promise options and user lookups, but the included script only prints the current process's UID/GID (no options, no username support, no supplementary groups) — a coherence/quality mismatch though not obviously malicious.
Guidance: The skill appears to aim to replicate the Unix `id` command, but the included script is a minimal implementation and does not match the SKILL.md (no option parsing, no username argument handling, no supplementary groups). This is likely a quality/incompleteness issue rather than malicious code — the script only reads local user/group info via pwd/grp. Before installing or using it: (1) review the scripts/id.py source (you already have it) and confirm it does what you expect, (2) if you need full `id`-like behavior, either update the script or run the system `id` binary instead, and (3) run the script in a safe environment if you want to observe runtime behavior. If the mismatch between documentation and code worries you, treat the skill as untrusted until the maintainer fixes the docs or the implementation.

Purpose & Capability: concernThe README and description claim feature parity with a typical `id` utility (options -u/-g/-G/-n and an optional username). The shipped script (scripts/id.py) only prints the current UID and GID with names and does not implement option parsing, username lookup, or supplementary group listing. This is a functional mismatch between claimed capability and actual code.
Instruction Scope: noteSKILL.md's runtime instructions remain within the expected scope (display local identity info) and do not direct network exfiltration or access to unrelated system paths. The code uses pwd and grp to resolve names (reads system user/group databases), which is expected for this purpose. However, the docs instruct behaviors the code does not perform.
Install Mechanism: okNo install spec or third-party downloads; the skill is instruction/code-only and does not write or fetch external artifacts. Low install risk.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The script only uses standard library calls to query local user/group info — proportional to the stated purpose.
Persistence & Privilege: okThe skill does not request persistent presence (always:false), does not modify other skills or system-wide settings, and has no elevated privileges indicated.