Skill v1.0.1

ClawScan security

x-cmd · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 11:20 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files and instructions are internally consistent with a user-local portable package manager, but its install guide offers downloading and executing remote install scripts (including a curl | sh option), which carries documented supply-chain risk; prefer the Homebrew path or manual review.
Guidance
This skill appears to be what it says (a user-local portable package manager) and documents safer and riskier install options. Before installing: prefer the Homebrew bottle if available; if you must run a script from get.x-cmd.com, download it first and inspect it (do not pipe to sh). Do not use auto-install in environments that contain secrets or long-lived credentials. Verify SHA256 checksums for downloaded binaries and prefer Homebrew or manual review for production systems. If you allow an agent to install on your behalf, require explicit consent and specify the install method. If you decide not to install, the SKILL.md is otherwise safe to read — but avoid running unreviewed remote installers.
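The download-then-verify flow that this guidance and the Install Mechanism review below recommend, written out as an added shell example. This is not the x-cmd project's installer and is not part of the ClawHub report; it assumes curl, mktemp and either sha256sum or shasum are available, the expected checksum is one you obtained out of band (the report does not publish one), and the two installer files it constructs for the offline demo are made up, with https://stage2.invalid as a placeholder host.

```shell
#!/bin/sh
# Added example, not code from the x-cmd project or from the ClawHub report.
# A download-then-verify replacement for `curl -fsSL https://get.x-cmd.com | sh`:
# fetch to a file, check a SHA256 you obtained out of band, grep the script for
# nested remote execution, then run it as your user with credentials stripped.
# The expected checksum and the installer contents in the demo are constructed.
set -eu

# Print the SHA256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# fetch_installer URL DEST: download without executing. HTTPS only, and no
# downgrade to plain HTTP on redirect.
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# verify_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED
# (case-insensitive hex). The checksum must come from somewhere other than
# the download itself, e.g. the project's release page, or it proves nothing.
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$expected" ]
}

# scan_installer FILE: review aid that prints any line which pipes a further
# download into a shell, calls sudo, or evals. Succeeds when nothing is found.
# Heuristic only; it does not replace reading the script.
scan_installer() {
    ! grep -nE '(curl|wget)[^|]*[|][[:space:]]*(ba|z|da)?sh([[:space:]]|$)|(^|[[:space:]])sudo[[:space:]]|(^|[[:space:]])eval[[:space:]]' "$1"
}

# install_from_url URL EXPECTED_SHA256: the flow the guidance describes.
# The script runs with a minimal environment so that tokens and cloud
# credentials exported in the caller's shell are not visible to it.
install_from_url() {
    url=$1 expected=$2
    tmp=$(mktemp)
    if ! fetch_installer "$url" "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "checksum mismatch for $url; refusing to run $tmp" >&2
        rm -f "$tmp"; return 1
    fi
    if ! scan_installer "$tmp"; then
        echo "installer executes further remote code; review $tmp by hand" >&2
        return 2
    fi
    rc=0
    env -i HOME="$HOME" PATH="$PATH" TERM="${TERM:-dumb}" sh "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# demo_local_review: exercise the checks offline on two constructed installer
# files. Succeeds when the benign one passes with the right hash, fails with a
# wrong hash, and the one that pipes a second stage into sh is flagged.
demo_local_review() {
    good=$(mktemp) bad=$(mktemp)
    printf '#!/bin/sh\nmkdir -p "$HOME/.x-cmd.root"\necho installed\n' > "$good"
    printf '#!/bin/sh\ncurl -fsSL https://stage2.invalid/next.sh | sh\n' > "$bad"
    wrong=0000000000000000000000000000000000000000000000000000000000000000
    if verify_sha256 "$good" "$(sha256_of "$good")" \
        && ! verify_sha256 "$good" "$wrong" \
        && scan_installer "$good" \
        && ! scan_installer "$bad" >/dev/null; then
        rc=0
    else
        rc=1
    fi
    rm -f "$good" "$bad"
    return "$rc"
}

# Usage: install_from_url https://get.x-cmd.com <sha256 from the release notes>
```

The checksum step only helps if the expected value was not fetched from the same place as the script; a hash published beside the download is verified by the same server that served the download. The grep in scan_installer is a coarse triage for the "executes remote code before checksum verification" pattern the report flags and will miss obfuscated fetches, so a non-empty result means stop and read, and an empty result does not mean skip reading.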

Review Dimensions

Purpose & Capability
ok: Name/description (x-cmd as a portable tool/package manager) match the SKILL.md and install guide. The skill does not request unrelated credentials or files, and the commands it describes (sourcing ~/.x-cmd.root/X, running `x env use ...`, `x skill`) are consistent with that purpose.
Instruction Scope
note: SKILL.md itself is focused on using the x-cmd loader and available packages. The included install.md expands runtime guidance and explicitly instructs downloading and executing remote install scripts. It also documents agent behavior (check for installation, ask the user before installing, prefer safe methods). This is reasonable, but the instructions do present pathways (auto-install via curl | sh) that execute remote code without prior user review, a high-risk action that the document does warn about.
Install Mechanism
concern: There is no bundled code, but the install guide lists three install mechanisms: Homebrew (low risk), manual download-then-review (medium), and a one-liner curl -fsSL https://get.x-cmd.com | sh (high risk). The get.x-cmd.com endpoint is a custom domain; auto-install executes remote code before checksum verification. These facts raise supply-chain and execution risk even though the guide correctly labels the risks and recommends safer options.
Credentials
ok: The skill does not request any environment variables, credentials, or privileged config paths. All installation and runtime actions are described as user-local (~/.x-cmd.root/) with no sudo required, which is proportionate to a user-space package manager.
Persistence & Privilege
ok: The skill is not marked always:true and does not request elevated persistent system privileges. Installation is user-local and removal instructions are provided. The skill does not attempt to modify other skills or system-wide agent settings.