Skill v1.0.0

ClawScan security

Kill Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 10:22 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated purpose (a simple process-killer CLI) is reasonable, but the distributed instructions and code are inconsistent and broken (CLI name not installed, Python script contains a syntax/logic bug and missing features), so it isn't trustworthy as-is.
Guidance
Don't install or rely on this skill as-is. The SKILL.md refers to a 'kill-tool' CLI and several options, but there is no install step to create that command and the included Python script is syntactically and logically broken (it uses args.9, which is invalid syntax, and does not implement advertised flags like -l). Practical steps: (1) Ask the author for a fixed release that either provides an install wrapper (puts an executable on PATH) or clear installation instructions; (2) request corrected code (use a valid option name such as '--force' or dest like 'force' instead of '-9', implement listing of signals, and handle non-root permissions safely); (3) avoid granting this skill autonomous invocation until it is fixed and reviewed; (4) be aware that any process-kill tool can be abused to stop important services, so ensure you only run trusted versions and limit who/what can invoke it.

Review Dimensions

Purpose & Capability
note
Name/description (terminate processes) match the included artifact (a small Python script to send signals). However, the SKILL.md documents a 'kill-tool' CLI and multiple signal options while the repository provides no install instructions to expose a 'kill-tool' command, and the script implements only a single flag in a broken way. The capability requested (none) is minimal and coherent with the stated purpose, but delivery is inconsistent.
Instruction Scope
concern
SKILL.md instructs users/agents to run 'kill-tool' with various options (including listing signals). There is no install step that would put an executable named 'kill-tool' on PATH, and the included script path is scripts/kill.py, so runtime instructions don't map to available artifacts. The SKILL.md also advertises multiple signal flags (SIGINT, SIGHUP, list) that are not implemented in the code.
Install Mechanism
note
No install spec (instruction-only) reduces risk, but the presence of a code file without an accompanying install or wrapper means the documented CLI won't work out of the box. That mismatch is more an operational bug than an installation attack, but it is an incoherence the user should notice.
Credentials
ok
The skill declares no environment variables, no credentials, and no config paths, which is proportionate for a local process-control utility.
Persistence & Privilege
ok
Flags are default (not always:true). The skill does not request persistent or unusual privileges in metadata. Note: killing arbitrary PIDs requires appropriate OS permissions (root or owner) at runtime; that is expected for this kind of tool.