Back to skill
Skillv1.5.1
ClawScan security
Scaffold · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewFeb 21, 2026, 10:07 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's scaffolding workflow is plausible, but it asks to create repos and push to GitHub and to inspect other projects without declaring any credential requirements or clarifying what remote access it will use — that mismatch and the breadth of code-reading deserve review before installation.
- Guidance
- Before installing or invoking: 1) Confirm how the skill will authenticate to GitHub — does it expect an existing SSH key or a GITHUB_TOKEN set in the agent environment? If automatic GitHub pushes are expected, require an explicit token or consent prompt. 2) Ask what SoloGraph/Context7 MCP access scopes are and whether they will read private repositories or metadata; if you don't want cross-repo analysis, disable those MCP calls or restrict the sibling projects. 3) Be aware the skill will create ~/.solo-factory/defaults.yaml and write files under your projects_dir; review that file and the generated repo before any remote push. 4) If you are uncomfortable with automatic remote pushes, run the scaffold locally (generate files) and perform git init/git push manually after reviewing. 5) If you want higher assurance, request the skill author to declare required env vars (e.g., GITHUB_TOKEN, optionally GIT_SSH_COMMAND or path to ssh key) and to include a dry-run/preview-only mode that never performs network pushes.
Review Dimensions
- Purpose & Capability
- concernThe skill claims to create a git repo and push to GitHub, and to study existing projects via SoloGraph/Context7. However, requires.env lists no GitHub token, SSH key, or other credentials; install spec is absent. Pushing to GitHub and interacting with org-level code normally requires explicit credentials or a declared auth flow. The skill also persists org defaults under ~/.solo-factory which is reasonable for a scaffolder, but that does not justify omitting GitHub auth details.
- Instruction Scope
- noteSKILL.md explicitly instructs the agent to read local templates, PRD files, and to analyze sibling projects via multiple MCP SoloGraph calls (project_info, code_search, codegraph_explain, et cetera). This is coherent with the stated goal (making generated projects consistent with portfolio), but it means the skill will access other projects' source and metadata — potentially sensitive — and will create files in the user's home and projects directory. The SKILL.md limits sibling-project research to 2–3 projects, which mitigates but does not eliminate privacy risk.
- Install Mechanism
- okInstruction-only skill with no install steps and no code files. This is the lowest install risk: nothing is downloaded or written by an installer beyond what the instructions themselves create at runtime.
- Credentials
- concernNo required environment variables or primary credential are declared, yet the skill intends to push to GitHub and may interact with Context7 and SoloGraph MCPs. That omission is disproportionate: at minimum a GITHUB_TOKEN or an explicit note that the agent will use existing local git/SSH config should be declared. It also writes ~/.solo-factory/defaults.yaml (containing org_domain, github_org, apple_dev_team) which could be sensitive; the skill does prompt the user for those values but will persist them.
- Persistence & Privilege
- noteThe skill writes persistent config to ~/.solo-factory/defaults.yaml and creates project directories/files under the user's projects_dir. It does not request always:true and does not modify other skills. Persisting org defaults and generating repo files is reasonable for scaffolding but users should be aware it will leave files on disk and may push to remote repositories if credentials are available in the environment.