Skill v1.0.0

ClawScan security

Netstat Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 8:05 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with a network-diagnostics utility and only runs the system netstat command; there are minor mismatches between the docs and the actual script but no signs of exfiltration or unrelated access requests.
Guidance
This skill appears to simply run the local netstat command and is coherent with its description. Note the SKILL.md lists CLI options but the included script ignores arguments and always runs 'netstat -tuln' — if you expect option handling or '-p' (which may require elevated privileges), ask the author for the intended behavior or review/extend the script yourself. Ensure the host has 'netstat' (net-tools) installed and that you trust allowing the agent to run local subprocesses, since the skill executes a system command (benign here, but subprocess execution is a capability to be aware of).

Review Dimensions

Purpose & Capability
note: The name/description (network diagnostics) match the included code, which invokes the system netstat command. Minor mismatch: SKILL.md documents CLI options (-t, -u, -p, etc.) but the provided script ignores arguments and always runs 'netstat -tuln'. This is an implementation/documentation inconsistency, not a security red flag.
Instruction Scope
ok: Runtime instructions and examples describe running a netstat-like tool. The script executes only a local 'netstat' subprocess and does not read other files, environment variables, or contact external endpoints. It stays within the stated scope of network diagnostics.
Install Mechanism
ok: No install spec (instruction-only with a tiny script). Nothing is downloaded or extracted from third-party URLs and no packages are installed, which is the lowest-risk install profile.
Credentials
ok: No environment variables, credentials, or config paths are requested. The skill's behavior (running netstat) does not require additional secrets or unrelated access.
Persistence & Privilege
ok: 'always' is false and model invocation is allowed (platform default). The skill does not request permanent presence nor modify other skills or system-wide settings.