Skill v1.0.0
ClawScan security
Ln Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 4:55 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims full ln-like behavior (hard links, options, force replace) but the included code only creates a simple symbolic link and does not implement the documented options — functionally inconsistent though not clearly malicious.
- Guidance: This skill's documentation and code disagree: the docs describe hard links and options (-s, -f, -n) but the included script only creates a single symbolic link and requires exactly two args. Before installing or granting it to an agent: 1) review/confirm the script source and intended behavior (ask the author to fix or clarify); 2) test the script in a safe directory to observe actual behavior; 3) prefer the system-provided ln/coreutils for robust link operations; 4) run the agent with least privilege — creating symlinks can be abused if done with high privileges or against sensitive paths. If you expect the documented features, request an updated implementation or reject the skill until it matches its description.
Review Dimensions
- Purpose & Capability (concern): The name/description claim support for both hard and symbolic links and several CLI options (-s, -f, -n). The shipped script (scripts/ln.py) only calls os.symlink and requires exactly two arguments; it does not implement hard links or any of the documented options. The README/usage and actual capability are therefore inconsistent. No homepage or source is provided to clarify intent.
- Instruction Scope (concern): SKILL.md gives CLI usage and examples that imply behavior (hard links, force replace) the code does not perform. The runtime instructions do not direct the agent to read unrelated files or credentials, but they are inaccurate and could cause the agent to attempt operations that will fail or behave unexpectedly.
- Install Mechanism (ok): There is no install spec and the package is instruction-plus-a-small script only. Nothing is downloaded or written during install, which is proportionate to a small CLI helper.
- Credentials (ok): No environment variables, credentials, or config paths are requested — the skill does not ask for unrelated secrets or privileges.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated persistence. It only provides a small script that creates symlinks; it does not modify other skills or agent configuration.
