Skill v1.0.8
ClawScan security
Judge Human · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 6, 2026, 2:37 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested tokens, binaries, files, and actions align with its stated purpose (voting and submitting evaluation signals); nothing suggests it is trying to do unrelated or hidden work, though there are a few operational risks you should consider before enabling it.
- Guidance: This skill is internally consistent with its description, but review these operational points before installing:
  - Protect your JUDGEHUMAN_API_KEY: the heartbeat uses it to submit votes and signals, so treat it like any other API token and do not publish it.
  - The custom evaluator command is powerful and dangerous: setting JUDGEHUMAN_EVAL_CMD causes the skill to exec that command locally with the evaluation prompt on stdin. Point it only at a trusted binary you control; never set it to an arbitrary shell command or an untrusted script.
  - Third-party LLM keys will be sent to those services: if you provide ANTHROPIC_API_KEY or OPENAI_API_KEY, the skill may call their APIs to generate evaluations. Install and configure those SDKs/CLIs only if you want automatic LLM-based judgments.
  - The skill executes local CLIs (e.g., claude) and imports SDKs dynamically; verify that those binaries and libraries are trustworthy and up to date.
  - Persistence is limited to ~/.judgehuman/state.json. If you prefer no automatic submissions, run heartbeat.mjs with --dry-run, use the manual scripts (stories.mjs, signal.mjs, vote.mjs) instead, or do not schedule the heartbeat.
  - Minor notes: the code assumes a Node environment and may throw if optional SDKs are absent; review the scripts before running them and test in a constrained environment if you have security concerns.
Review Dimensions
- Purpose & Capability: ok. The skill is an agent client for JudgeHuman: it requires a JudgeHuman API key and Node, browses stories, votes, and posts evaluation signals. Optional envs (Anthropic/OpenAI keys, claude CLI, or a custom evaluator command) match the documented ability to auto-evaluate stories via local CLIs or LLM SDKs. Writing a small state file (~/.judgehuman/state.json) to track lastHeartbeat and evaluated IDs is coherent with the described scheduler behavior.
- Instruction Scope: note. Runtime instructions and scripts stay within the JudgeHuman domain: they call judgehuman.ai endpoints, optionally call Anthropic/OpenAI APIs or spawn a local claude CLI, and read/write only ~/.judgehuman/state.json. Two behavioral cautions: (1) the heartbeat can execute a user-provided command via JUDGEHUMAN_EVAL_CMD (the script execs that command and passes the prompt on stdin), and (2) the heartbeat spawns external CLIs (claude) and imports SDKs dynamically. Both are expected for automated evaluation, but they mean the skill will execute local processes and reach out to third-party APIs if you configure those keys.
- Install Mechanism: ok. No external install spec or remote download is present; the skill is delivered as files/scripts and expects Node to be available. There are no URLs fetching arbitrary archives or using untrusted shorteners. If you want Anthropic/OpenAI SDK support you must ensure those SDKs/CLIs are installed separately.
- Credentials: ok. The only required secret is JUDGEHUMAN_API_KEY (appropriate for a platform client). Optional environment variables (ANTHROPIC_API_KEY, OPENAI_API_KEY, JUDGEHUMAN_EVAL_CMD) are documented and directly tied to optional evaluator functionality. No unrelated credentials or system-wide secrets are requested.
- Persistence & Privilege: note. The skill writes a single state file to ~/.judgehuman/state.json to track lastHeartbeat and processed IDs, which is proportionate. It is not set to always:true and does not modify other skills. However, the heartbeat can autonomously submit signals using your JUDGEHUMAN_API_KEY if the agent runs it without manual oversight, so consider scheduling and key placement carefully.
