Skill v1.0.0

ClawScan security

Network Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 9:10 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code implements the described network-diagnostic features and requests no unrelated secrets or installs; minor documentation/CLI mismatches and the inherent sensitivity of network scans are the main concerns to be aware of.
Guidance
This skill appears to implement a legitimate network diagnostics tool and does not request secrets or perform hidden installs. Before installing, consider: (1) SKILL.md examples don't match the script's subcommands — expect to use commands like 'ping', 'curl', 'dns', 'port', 'ports', 'ip', 'speed' when running the script; (2) the tool will make outbound HTTP requests to public IP and speed-test services and can make arbitrary HTTP requests via its curl subcommand; (3) it includes port-scanning functionality — scanning remote hosts/networks you don't own can be considered hostile or illegal in some jurisdictions, so use responsibly and with permission; (4) ping uses the system 'ping' binary (may not exist in some environments); and (5) if you need MX/TXT DNS lookups, the script optionally requires dnspython. If you need stronger assurances, ask the publisher for an updated SKILL.md that accurately documents the CLI, external endpoints contacted, and any runtime dependencies.

Review Dimensions

Purpose & Capability
ok
The Python script implements ping, HTTP requests, DNS lookups (with optional dnspython), single-port checks, port-range scanning, public IP detection (via public APIs), and a simple download speed test — all consistent with the stated purpose of network diagnostics and interface/connection inspection. It does call the system 'ping' binary via subprocess, which is reasonable for a ping feature.
Instruction Scope
note
SKILL.md describes network diagnostics but the examples/flags in SKILL.md (e.g., single-letter flags -i, -r, -c and 'network-tool -i') do not match the actual script's subcommand-based CLI (ping, curl, dns, port, ports, ip, speed). The SKILL.md also does not explicitly warn that the tool will: perform outbound HTTP requests to third-party services (api.ipify.org, ifconfig.me, icanhazip.com, Cloudflare speed URL), optionally perform DNS MX/TXT queries using dnspython, and perform port scans — all of which are part of the script and can be sensitive or intrusive depending on usage.
Install Mechanism
ok
There is no install spec (instruction-only skill with an included script file). Nothing is downloaded from external URLs during an install step. The script itself will be run at runtime; no embedded download/install behavior was found.
Credentials
ok
The skill declares no required environment variables or credentials and the code does not read environment secrets. No disproportionate credential access is requested.
Persistence & Privilege
ok
The skill is not always-included and does not request persistent system-wide privileges or modify other skills. It can be invoked autonomously by the agent (default behavior) but it does not escalate privileges or persist configuration outside its own runtime.