Skill v1.0.1

ClawScan security

Clawhub Gate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 2:26 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill implements a coherent pre-publish gate (local static scans + ClawScan polling) and only requests the access it needs (reads ClawHub token from the declared config and talks to ClawHub's API); no signs of hidden exfiltration or unrelated credential requests were found.
Guidance: This script appears to do exactly what it says: run shellcheck/bandit, optionally perform a publish (clawhub sync), and poll ClawScan using the token in ~/.config/clawhub/config.json. Before running:
- Review the full script (the provided file) yourself, especially the truncated tail, and confirm you trust it.
- Use the --local-only flag for quick checks if you do NOT want the script to call 'clawhub sync' and publish automatically.
- Understand that the script reads your ClawHub token from ~/.config/clawhub/config.json and uses it to query https://clawhub.ai; ensure that token has appropriate (minimal) privileges.
- Install required tools (shellcheck, bandit, python3, clawhub) from trusted package sources. The SKILL.md mentions jq but the script uses Python for JSON — this is a minor inconsistency, not a security issue.
- Run this in a safe environment (non-production account or a test user) the first time to confirm behavior.
If you want stronger safety, inspect or run the script with network calls disabled to verify local static analysis behavior only.

Review Dimensions

Purpose & Capability
ok: Name/description (pre-publish security gate) match the actual behavior: run shellcheck/bandit, run/trigger clawhub sync, and poll ClawScan via the ClawHub API. Required config path (~/.config/clawhub/config.json) is declared and used to read the token for API polling — this is expected for the stated purpose.
Instruction Scope
note: SKILL.md and the script stay within the gate's scope: static analysis, publishing, and polling ClawScan. The script reads the clawhub config token (declared) and queries only the ClawHub API (https://clawhub.ai). Note: the script will run an actual 'clawhub sync' (it publishes/updates the skill) unless run with --local-only — this is potentially destructive if used unintentionally, so the user should be aware.
Install Mechanism
ok: No install spec is provided (instruction-only skill). SKILL.md suggests installing bandit and shellcheck via system package managers; that is a low-risk, expected instruction for these tools. Nothing is downloaded from arbitrary URLs or written by an install step.
Credentials
note: No environment variables or external credentials are required beyond the ClawHub token in the declared config path. Reading the token from ~/.config/clawhub/config.json is proportional to the need to poll ClawScan. Minor mismatch: SKILL.md lists 'jq' as required but the script uses Python JSON parsing for API responses; check_deps() also does not verify 'python3' or 'clawhub' though they are required at runtime — this is an engineering inconsistency but not a security red flag.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges. It does run the user's clawhub CLI (which requires the user to be logged in) and will publish when invoked — this is expected behavior for a publish gate and does not modify other skills' configurations.