Skill v0.1.0
ClawScan security
botauth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 3:30 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is coherent with its stated purpose (using the local botauth CLI to fetch secrets with desktop approval); it asks for nothing extra, but note small metadata and install-documentation gaps and the normal risk of giving an agent access to secrets if you approve requests.
- Guidance: This skill is consistent with its description: it runs your local 'botauth' CLI to fetch secrets and relies on desktop approval prompts. Before installing/using it:
  1. Verify you trust the botauth CLI package source (README suggests npm @botauth/cli) and install only from the official package or vendor.
  2. Be aware that if the agent invokes the skill and you approve a request, the agent will receive the secret value (avoid persisting it to files and clear env vars after use).
  3. Consider disabling autonomous invocation of the agent or requiring explicit user confirmation for actions that retrieve secrets.
  4. Note the minor metadata mismatch (registry didn't declare the botauth binary requirement) — confirm the 'botauth' CLI is present on hosts where the agent will run.
Review Dimensions
- Purpose & Capability (note): The SKILL.md, README, and manifest consistently describe retrieving secrets from a local botauth vault via the botauth CLI and desktop approval prompts. However, registry metadata lists no required binaries while the instructions explicitly require a 'botauth' CLI on PATH — a minor metadata mismatch.
- Instruction Scope (ok): Instructions are narrowly scoped to running botauth commands (status, search, list, get, add), parsing JSON output, and exporting retrieved secrets for use. They do not instruct reading unrelated files, contacting external endpoints, or exfiltrating data to third parties. The workflow explicitly expects user approval for secret retrieval.
- Install Mechanism (note): This is an instruction-only skill (no install spec). README suggests installing the CLI with 'npm install -g @botauth/cli', but the registry has no formal install step — the skill will rely on a preinstalled CLI. That is reasonable but means the user/host must vet the CLI package source before installing.
- Credentials (ok): The skill does not declare or request environment variables or credentials. It does, however, guide retrieving sensitive values and exporting them into the agent's runtime environment for task use — this is expected for a secret-retrieval helper but increases sensitivity: any retrieved secret becomes accessible to the agent session if you approve retrieval.
- Persistence & Privilege (note): 'always:false' and normal autonomous invocation are set. Autonomous invocation plus secret retrieval increases blast radius only if the agent is allowed to call the skill and a user approves retrieval prompts. Consider whether you want the agent to be able to call this skill autonomously.
