Skill v1.0.0
ClawScan security
Acorn Prover · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:48 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to implement an Acorn proof-workflow and is generally coherent, but it omits declaring that it requires the external 'acorn' CLI (and optionally 'mise') and writes a config file in the skill directory — a modest mismatch that you should verify before use.
- Guidance
- This skill looks like a legitimate wrapper for running the Acorn theorem prover but has a small inconsistency you should be aware of: it expects the 'acorn' CLI (and will use 'mise' if present) even though those binaries are not listed in the skill metadata. Before installing or running: (1) confirm you have a trusted 'acorn' binary on your PATH (and 'mise' if you want that path), (2) ensure you are comfortable that the skill will write a skills/acorn-prover/config.env file containing the two paths you provide, and (3) do not point ACORN_LIB or ACORN_PROJECT at sensitive or system directories. If you need higher assurance, inspect or run the acorn binary and mise in a sandbox, and consider requesting the publisher to update the skill metadata to declare required binaries.
Review Dimensions
- Purpose & Capability
- concern: The skill's name, description, and instructions align: it expects an Acorn CLI and an acornlib/project path and runs acorn commands. However, the registry metadata lists no required binaries or credentials even though SKILL.md assumes the 'acorn' CLI is on PATH and will optionally call 'mise' if present. This omission is an incoherence (declared requirements don't fully match runtime expectations).
- Instruction Scope
- ok: SKILL.md limits actions to asking the user for two paths, validating them, running the provided setup.sh (which writes a local config.env), sourcing that config, and invoking acorn/mise commands against the user-supplied project. It does not instruct the agent to read unrelated system files, transmit data to external endpoints, or access unrelated credentials.
- Install Mechanism
- ok: There is no install spec (instruction-only), and the only script included is a small setup.sh that validates directories and writes config.env inside the skill directory. No remote downloads or archive extraction are performed.
- Credentials
- note: The skill stores configuration in a local config.env (ACORN_LIB, ACORN_PROJECT, USE_MISE) rather than requiring platform-level environment variables or secrets — this is proportional. Note: the skill does not declare that it requires the acorn or mise binaries, so the metadata understates the runtime environment needs.
- Persistence & Privilege
- ok: The skill does write a single config.env file into its own skill directory during setup, which is expected behavior for configuration. It does not request always:true or other elevated persistent privileges, and it does not modify other skills or system-wide settings.
