Skillv1.0.0

ClawScan security

Admin Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 26, 2026, 10:46 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (admin CLI) matches the commands in SKILL.md, but the instructions reference platform-specific privileged tools (pacman, systemd) while the metadata fails to declare required binaries or an OS restriction and provides no source—this mismatch and the ability to perform privileged operations warrant caution.
Guidance: This skill would let an agent run package upgrades and restart systemd services as a privileged user. Before installing: 1) Confirm you run a pacman/systemd system (Arch/derivative); the SKILL.md is Arch-specific but the registry metadata does not say so. 2) Only enable the 'elevated' permission for this skill if you trust its source—there is no homepage or publisher info. 3) Prefer manual invocation (do not allow autonomous runs) or require an explicit approval step before any restart/update. 4) If you must use it, restrict which services can be restarted (whitelist) and consider controlling privilege escalation with sudoers rules rather than granting blanket root. 5) If you are uncomfortable or cannot verify the author, do not install—use well-audited tooling from known sources instead.

Review Dimensions

Purpose & Capability: concernThe SKILL.md describes administrative actions (package upgrades, restarting systemd services, checking OS/uptime), which is consistent with the name. However, it specifically uses pacman and systemd, yet the registry metadata declares no required binaries and no OS restriction—this is an incoherence (pacman/systemd are Linux/Arch-specific). The skill also lacks a source/homepage, reducing traceability.
Instruction Scope: noteInstructions are short and narrowly scoped to three commands: update-system (pacman -Syu), restart-service <service> (systemctl restart), and check-status (OS version and uptime). They do not instruct reading other files or exfiltrating data. However, they require elevated privileges and allow restarting arbitrary services (no safety checks or service whitelisting), which is powerful and potentially disruptive.
Install Mechanism: okInstruction-only skill with no install spec or code files; this is the lowest install risk (nothing is written to disk by the skill itself).
Credentials: concernNo environment variables or credentials are requested, but the SKILL.md demands elevated privileges via an 'elevated' flag in agent configuration. The skill fails to declare this requirement in the metadata (no required config paths or primary credential) and gives no justification for needing system-wide privileges. Requiring root-like access without clear constraints is disproportionate.
Persistence & Privilege: okalways is false and there is no indication the skill modifies other skills or system-wide settings. Note: the skill can be invoked autonomously (default), which combined with privileged operations increases potential impact—consider restricting autonomous invocation for this skill.