Back to skill
Skillv0.1.0
ClawScan security
ClawGuard Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 9:23 AM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and behavior are consistent with a security-scanner role, but it relies on running a third‑party npm package via npx (no install spec or checksum) so exercise caution before executing/downloading it.
- Guidance
- This skill appears to do what it says: run an npm-based scanner against skill directories. Before you run it, verify the clawguard npm package and GitHub repo (author, recent activity, package name/version), prefer running it in an isolated environment (container or VM), avoid 'npm install -g' unless you trust the publisher, and consider using 'npx --package clawguard@<version>' or inspecting the package tarball before executing to pin a trusted version. If you need higher assurance, ask for a reproducible install spec (source URL, SHA256 or a pinned version) or scan the package contents yourself before running.
Review Dimensions
- Purpose & Capability
- okName and description describe a security scanner and the only declared requirement is 'npx', which matches the instructions to run 'npx clawguard'. The requested capabilities align with the stated purpose.
- Instruction Scope
- noteSKILL.md contains clear, narrowly scoped instructions for scanning skill directories and interpreting results. It does instruct the agent to always run a scan before installing — a strong rule but consistent with the skill. It also tells the user to run 'npm install -g clawguard' if ClawGuard is not installed, which expands scope to performing system installs if the package is not present.
- Install Mechanism
- concernNo install spec is provided; the skill relies on 'npx clawguard' (or optionally a global 'npm install -g clawguard'). That means running code fetched from the npm registry at runtime with no pinned version, checksum, or guidance to verify publisher/trust. For a security tool this is functionally coherent but increases risk because arbitrary remote code will execute.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. SKILL.md does not request secrets or unrelated credentials. This is proportionate to being a scanner.
- Persistence & Privilege
- okThe skill is instruction-only, has no install hooks, and 'always' is false. It does not request persistent privileges or modify other skills' configs in the instructions.