Skill v1.0.0

ClawScan security

Ls Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 4:22 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code is small and non-malicious, but SKILL.md promises flags and behaviors that the included script does not implement. This documentation/implementation mismatch is something you should be aware of before installing.
Guidance
This package implements a minimal directory-listing script; it makes no network calls and reads no secrets, but its documentation (SKILL.md) claims options the script does not implement. Before installing or enabling it:
1) Review the included scripts/ls.py yourself (it is short) to confirm it does what you need.
2) If you expect -a, -h, -R, -t, or multiple-path support, do not rely on this skill until the code is updated to match SKILL.md.
3) Test the script in a non-sensitive directory to confirm its behavior: it has no error handling and will raise an uncaught error if given a file path rather than a directory.
4) If you plan to allow autonomous invocation, remember that the skill can enumerate files in any directory the agent can read; do not enable it if accidental disclosure of sensitive paths is a concern.
If you want the advertised features, ask the author to correct SKILL.md or ship a matching implementation.
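The following is an added example illustrating guidance items 3 and 4, not the skill's own scripts/ls.py: a listing helper that refuses file paths with a clean error instead of a traceback, confines listing to a configured allowed root (resolving symlinks before the containment check), and shows what an -a style dotfile switch and the -l size output would need. The allowed-root parameter, the ListingError class and the show_hidden switch are assumptions about a safer design; the sample tree is constructed inline.

```python
"""Hardened directory listing with the checks the scan guidance calls for.

Added example only: this is NOT the skill's scripts/ls.py. The allowed-root
confinement, the -a style show_hidden switch and the ListingError handling
are assumptions about how a safer version could look.
"""
import os
import shutil
import tempfile
from pathlib import Path


class ListingError(Exception):
    """Raised for bad or out-of-bounds paths instead of crashing with a traceback."""


def list_dir(path: str, allowed_root: str, long: bool = False, show_hidden: bool = False):
    """List `path`, refusing anything that resolves outside `allowed_root`.

    Returns entry names, or (name, size, is_dir) tuples when `long` is True.
    """
    root = Path(allowed_root).resolve()
    # Resolve symlinks first so a link inside the tree cannot point the listing
    # at a directory outside it.
    target = Path(path).resolve()
    if target != root and root not in target.parents:
        raise ListingError(f"{path}: outside allowed root {root}")
    if not target.exists():
        raise ListingError(f"{path}: no such file or directory")
    if not target.is_dir():
        # The skill's script has no check here and raises an uncaught error.
        raise ListingError(f"{path}: not a directory")

    entries = []
    with os.scandir(target) as it:
        for entry in sorted(it, key=lambda e: e.name):
            if not show_hidden and entry.name.startswith("."):
                continue  # dotfiles are shown only with the -a style switch
            if long:
                st = entry.stat(follow_symlinks=False)  # report the link itself, not its target
                entries.append((entry.name, st.st_size, entry.is_dir(follow_symlinks=False)))
            else:
                entries.append(entry.name)
    return entries


def build_sample_tree() -> str:
    """Constructed sample input: a temp tree with a plain file, a dotfile,
    a subdirectory and a symlink that escapes to the parent directory."""
    base = tempfile.mkdtemp(prefix="lsdemo-")
    (Path(base) / "a.txt").write_bytes(b"hello")
    (Path(base) / ".secret").write_bytes(b"token")
    (Path(base) / "sub").mkdir()
    os.symlink(os.path.dirname(base), os.path.join(base, "escape"))
    return base


def rejected(path: str, root: str) -> bool:
    """True when list_dir refuses the path with a ListingError."""
    try:
        list_dir(path, root)
    except ListingError:
        return True
    return False


def demo() -> dict:
    """Run the checks against the constructed tree and return the results."""
    base = build_sample_tree()
    try:
        return {
            "plain": list_dir(base, base),
            "hidden": list_dir(base, base, show_hidden=True),
            "long_first": list_dir(base, base, long=True)[0],
            "file_rejected": rejected(os.path.join(base, "a.txt"), base),
            "escape_rejected": rejected(os.path.join(base, "escape"), base),
            "outside_rejected": rejected("/", base),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The symlink named escape still appears as an entry of the tree, but asking to list through it is refused because its resolved target lies outside the allowed root; that is the property an agent-invoked listing tool needs if accidental enumeration of sensitive paths is a concern.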

Review Dimensions

Purpose & Capability
Rating: note
Name and description match the included code's intent (listing directory contents). The single Python script implements a basic listing, with size output when -l is passed. However, SKILL.md advertises additional options (-a, -h, -R, -t, multiple paths) that are not implemented, so the advertised capability surface is larger than the actual implementation.
Instruction Scope
Rating: concern
SKILL.md instructs the agent to accept and use multiple options and path arguments (e.g., -a, -h, -R, -t, multiple paths). The runtime script only accepts a single optional path and a -l flag. This mismatch could lead an agent (or user) to assume functionality that does not exist. The instructions do not ask to read any unrelated files, environment variables, or external endpoints.
Install Mechanism
Rating: ok
No install spec (instruction-only with a small shipped script). Nothing is downloaded or written to disk by an installer. The provided Python script is short, readable, and contains no network or external dependency behavior.
Credentials
Rating: ok
The skill requests no environment variables, credentials, or config paths. The code only accesses the filesystem at the path provided by the user; no secrets or unrelated config are requested.
Persistence & Privilege
Rating: ok
The skill is not marked always:true and does not request elevated privileges or modify other skills or system configs. Autonomous invocation is allowed (platform default), but there are no additional persistence or privileged behaviors in the package.