Skillv0.1.0

ClawScan security

Project Code Standard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 2:33 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions align with a code-quality tool, but it references scripts and asset templates that are not included and would cause the agent to execute project-local scripts or rely on externally installed linters — this mismatch and the potential to run arbitrary repo code warrant caution.
Guidance: This SKILL.md describes reasonable code-quality actions, but it does not include the helper scripts or assets it references. Before installing or invoking the skill, verify where scripts/check_python.py, scripts/check_js.py, scripts/check_general.py and the assets/ templates are expected to come from. If the agent will execute scripts inside your repository, inspect those scripts manually first (or run the skill in a sandboxed copy of the repo). Ensure linters (ruff, black, eslint, prettier) are installed from trusted sources. Be especially cautious about allowing automatic fixes: confirm the skill asks for explicit user permission before modifying files, and consider disabling autonomous execution of fix steps until you have reviewed the tooling and scripts.

Review Dimensions

Purpose & Capability: noteThe skill description (linting/formatting for Python and JS/TS) matches the runtime commands (ruff, eslint, black, prettier) and the described flows. However, SKILL.md repeatedly references helper scripts (e.g., python scripts/check_python.py, scripts/check_js.py, scripts/check_general.py) and an assets/ directory for templates that are NOT provided by the skill package. It's unclear whether those scripts are expected to already exist in the user's project, provided by a separate install step, or omitted — this is an inconsistency between claimed capability and what's actually packaged.
Instruction Scope: noteInstructions stay within the domain of code-quality checks (inspect repo root, run linters, optionally fix files, produce a markdown report). They explicitly say to avoid overwriting existing configs and to ask user confirmation before automatic fixes, which is good. But the instructions direct the agent to execute arbitrary scripts from the project's scripts/ path (if present). Running project-local scripts means the agent could execute arbitrary repository code — functionally relevant but a potentially risky action that the SKILL.md does not advise the user to inspect first.
Install Mechanism: noteNo install spec is provided (instruction-only), which reduces the skill's ability to write files or pull code on install. However, the runtime assumes external tools (ruff, black, eslint, prettier) and non-existent local helper scripts/assets. Because there is no guidance to install these tools from trusted sources or to verify the helper scripts before execution, there is operational ambiguity and a modest risk if the agent runs commands in a repository with untrusted code.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There are no disproportionate credential demands relative to the stated purpose.
Persistence & Privilege: okalways is false and the skill does not request persistent privileges. Autonomous invocation is allowed by default but is expected for this type of skill. There is no indication the skill modifies other skills or system-wide settings.