Skillv1.0.0

ClawScan security

Clawdhub 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 15, 2026, 10:57 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill is broadly coherent (it wraps an npm CLI that manages skills) but there are minor inconsistencies and missing declarations (undeclared env override, login/credentials handling, metadata mismatch) that warrant caution before installing and running the CLI.
Guidance: This skill appears to be an instruction-only wrapper for an npm CLI that manages skills. Before installing or running it: 1) Verify the 'clawdhub' npm package and its publisher on the npm registry (packages can be malicious or compromised). 2) Be aware the CLI writes to the current working directory by default (./skills) and can update installed skills — set --workdir/--dir to a safe location. 3) The SKILL.md mentions 'clawdhub login' and an environment override CLAWDHUB_REGISTRY, but the manifest does not declare any credentials or env vars — expect credential storage (tokens) and the ability to point the CLI to an arbitrary registry; don't run login or change the registry unless you trust the destination. 4) If you need higher assurance, inspect the npm package source (or run the CLI in a sandbox) to see exactly what it stores and where it communicates. These inconsistencies justify caution but are not definitive proof of malice.

Review Dimensions

Purpose & Capability: okName/description, required binary (clawdhub), and provided runtime instructions align: this is a thin wrapper instructing the agent to use the ClawdHub CLI to search/install/update/publish skills. The declared install (npm package 'clawdhub') is appropriate for that purpose.
Instruction Scope: noteSKILL.md only instructs use of the clawdhub CLI (search/install/update/list/publish). It references default registry URL and local workdir/install dir. This stays within the expected scope, but it also documents behavior that will write to the agent's working directory (default ./skills) and perform updates based on local file hashes — actions that modify local filesystem and could change installed skills.
Install Mechanism: noteThe install spec uses npm to install the 'clawdhub' package, which is a typical mechanism for a CLI. That carries moderate risk because it will download and run code from the npm registry; the package source and maintainer reputation are not provided here, so users should verify the npm package before installing.
Credentials: concernThe skill's manifest declares no required environment variables or primary credential, but SKILL.md explicitly mentions CLAWDHUB_REGISTRY as an environment override and documents 'clawdhub login' for publishing (which implies storage/usage of credentials/tokens). This mismatch (undeclared env var and implicit credential handling) is a proportionality/visibility issue: the skill may cause credential storage or honor an env var that can point to arbitrary registries, but these are not surfaced in the manifest.
Persistence & Privilege: okalways:false and no special config paths or permanent privileges are requested. The skill will install a CLI binary and perform filesystem writes in its workdir (expected behavior). There is no sign it modifies other skills' config or system-wide settings.