Skill v1.0.0

ClawScan security

Node Transfer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 10, 2026, 4:45 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions are coherent with its stated purpose (streaming file transfer between nodes), but it involves running remote scripts and opening ephemeral HTTP ports, so you should review the code and operational controls before deploying.
Guidance
This skill appears to do what it says (fast streaming transfers) and doesn't require external credentials, but it does run scripts on remote nodes and opens ephemeral HTTP ports. Before installing:
1) review send.js/receive.js/ensure-installed.js/deploy.js to confirm they only serve intended file paths and that tokens are cryptographically strong and single-use;
2) inspect the PowerShell output from deploy.js to ensure it doesn't modify unrelated system settings or create persistent privileged services;
3) restrict deployments to trusted nodes, enforce firewall rules (limit inbound IPs or bind to non-public interfaces if possible), and test transfers in a safe environment;
4) rotate or limit node.invoke credentials used to deploy these scripts.
If you cannot audit the code, consider treating it as high-risk and avoid installing on production systems.

Review Dimensions

Purpose & Capability
ok: The SKILL.md and included files (send.js, receive.js, ensure-installed.js, deploy.js) all align with a node-to-node streaming transfer tool. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
note: Instructions tell the agent to deploy and execute Node.js/PowerShell scripts on target nodes and to start ephemeral HTTP servers that serve arbitrary files from disk. That is within the described purpose, but it expands the agent's runtime scope to remote execution and network exposure — review which paths and files the scripts allow to be served, and whether the servers bind to all interfaces or only to loopback.
Install Mechanism
ok: No external install/downloads are specified; the repository provides the scripts directly. This avoids remote-code-fetch risks, though you should still inspect the bundled deploy.js/PowerShell output before running it.
Credentials
ok: The skill does not request environment variables, credentials, or config paths beyond using nodes.invoke to run commands on nodes. That is proportional to a remote deployment/transfer utility; there are no unexplained secret requirements.
Persistence & Privilege
note: The skill does not set always:true, and model invocation defaults apply. However, it instructs installing persistent scripts on nodes (install-once pattern). Installing persistent server code on nodes increases long-term attack surface — ensure deployments are limited to trusted nodes and that auto-shutdown, token lifetimes, and logging are appropriate.