Skillv1.0.1

ClawScan security

Preflyt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 4:22 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (post-deploy read-only scanning) is plausible, but the runtime instructions rely on npx to fetch and execute a remote npm package — which can access local files and environment despite the skill's privacy claims — and the registry metadata lacks verifiable source/homepage details, so the overall footprint is inconsistent and deserves caution.
Guidance: This skill is plausible for post-deploy scans but exercise caution before running its 'npx' command on any machine that holds secrets. npx will download and execute code from the npm registry — that code could read files or environment variables despite the SKILL.md's privacy claims. Before installing/using: (1) Verify the npm package and GitHub repo (review the source code and recent commits) and confirm the publisher identity. (2) Prefer running the scan from an isolated runner (ephemeral CI job or container) that has no secrets or sensitive files mounted. (3) Do not use --share unless you trust preflyt.dev and understand the data shared. (4) If you must run locally, consider vendoring or pinning the package version and auditing it, or request the skill author include the scanner code in the skill so it can be statically reviewed. (5) If you need higher assurance, ask the maintainer for a reproducible build or a signed release and for clarification about telemetry and exact network endpoints contacted.

Review Dimensions

Purpose & Capability: noteThe name/description (post-deploy external scanner) match the runtime instruction to run 'npx preflyt-check <url>' and the only required binary is node, which is proportionate. Minor inconsistency: registry metadata showed no homepage/source while SKILL.md includes a homepage and GitHub repo; that mismatch reduces trust but doesn't itself prove malicious intent.
Instruction Scope: concernSKILL.md instructs the agent to run 'npx preflyt-check <url>' and asserts the package is 'read-only' and 'does not read or transmit any local environment variables, files, or code.' In reality npx downloads and executes code from npm on the agent's host with the permissions of the agent process, so the package could read local files or environment variables contrary to the claim. The skill gives privacy assurances (only the target URL sent) that cannot be verified from an instruction-only bundle.
Install Mechanism: noteNo install spec is included; the skill relies on npx at runtime to fetch code from npm. Fetching and executing a package from a public registry is a common pattern but carries moderate risk (remote code execution at runtime). The SKILL.md points to a GitHub repo and npm listing which is expected, but the registry metadata omission of that information is a trust concern.
Credentials: noteThe skill declares no required environment variables or credentials (proportional). However the SKILL.md mentions an optional license key via a CLI flag and promises not to transmit local env/files; because the package executes locally when run via npx, it could access environment variables or files even though none are declared. That mismatch is noteworthy.
Persistence & Privilege: okThe skill is not always-enabled and does not request persistent platform-level privileges. Autonomous invocation is allowed by default (normal). There is no install script in the skill bundle that writes persistent credentials or modifies other skills.