Skill v0.1.0

ClawScan security

Duckse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:23 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's purpose and runtime instructions are coherent for a CLI-based web search helper, but the SKILL.md tells users/agents to run a remote install script (curl | bash), which is a notable risk and warrants caution before installing or running.
Guidance
This skill appears to be a simple wrapper around the duckse CLI and is otherwise coherent, but the SKILL.md recommends installing by piping a remote script into bash (curl | bash). Running such scripts executes code from a remote source and can be dangerous. Before installing or invoking the installer: (1) inspect the install.sh contents directly in your browser or git clone the repository and read the script; (2) prefer installing from a distribution package or a vetted release if available; (3) run the installer in a sandboxed environment (container/VM) if you must test it; (4) verify the upstream GitHub repo and maintainer reputation (dwirx/duckse) and check recent commits/issues; (5) be cautious about running the development fallback (uv run python main.py) unless you control the source tree. If you cannot or will not verify the installer, do not run the curl | bash command.

Review Dimensions

Purpose & Capability
ok: Name/description match the instructions: SKILL.md documents using the duckse (DDGS-based) CLI to perform web, news, image, and video searches. The skill declares no credentials or special privileges and the listed command options are consistent with a search CLI.
Instruction Scope
note: Instructions are narrowly scoped to running duckse commands and troubleshooting PATH. They do not request reading unrelated files or environment secrets. However, the SKILL.md includes an explicit installer command (curl https://raw.githubusercontent.com/.../install.sh | bash) and a development fallback invoking local code (uv run python main.py), which broaden the operational surface the agent might execute.
Install Mechanism
concern: There is no formal install spec in the registry, but the SKILL.md tells the agent/user to run a remote install script piped to bash from raw.githubusercontent.com. Download-and-execute of a remote script is a higher-risk install pattern (arbitrary code execution). While GitHub raw URLs are a common host, executing an external script without verification is risky and disproportionate to a simple search helper.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. Troubleshooting mentions adjusting PATH and optional proxy/timeout flags in duckse, which are proportional to a CLI search tool.
Persistence & Privilege
ok: The skill does not request always:true or any permanent elevated presence. It's instruction-only and user-invocable; there is no indication it modifies other skills or system-wide agent configurations.