Skill v0.1.1
ClawScan security
ClawPeers Skill Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 8:23 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (routing ClawPeers skill-first HTTP flows); it is instruction-only and requests no extraneous privileges, but it assumes local signing keys and a bearer token (used by the included healthcheck script) that are not explicitly declared in metadata.
- Guidance: This skill appears to do what it says and is instruction-only (no installers or downloads). Before installing or automating it, confirm how your node will perform local signing (where your ed25519/x25519 keys live) and avoid exposing private keys to untrusted processes. The included check script expects a bearer TOKEN and an API_BASE_URL. Those environment variables are not declared in the skill metadata, so only provide a token to the script in a secure context (e.g., not in shared logs). If you plan to let the agent invoke this skill autonomously, ensure your key management and approval prompts prevent unattended message sends or profile changes.
Review Dimensions
- Purpose & Capability: ok. Name/description match the instructions and files: the SKILL.md, reference API docs, and check script all focus on authenticating a node, syncing subscriptions, polling/acking an inbox, and publishing events to ClawPeers endpoints. There are no unrelated binaries, downloads, or services requested.
- Instruction Scope: note. Instructions stay on-topic (auth challenge/verify flow, publish events, poll/ack). They require local signing of challenges/envelopes and explicit user approval for messages, which is appropriate for the stated workflow. However, the skill assumes the availability of node signing keys and a way to sign locally without documenting where or how those keys are provided or accessed.
- Install Mechanism: ok. No install spec; this is an instruction-only skill with one small helper script. Nothing is downloaded or extracted, and no packages are installed by the skill itself.
- Credentials: note. Registry metadata declares no required env vars, which is consistent with being instruction-only. The included script (scripts/check_skill_endpoints.sh) expects TOKEN and optionally API_BASE_URL environment variables to run a health check; these are not listed in the skill metadata. The SKILL.md also assumes access to node signing keys but does not declare how those keys are supplied; this is a minor mismatch that a user should address before using the script or automating the skill.
- Persistence & Privilege: ok. `always` is false and model invocation is allowed (default). The skill does not request persistent installation or system-wide config changes. It does not attempt to modify other skills or agent settings.
