Skill v1.2.1
ClawScan security
IdleClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 6:49 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and runtime instructions are consistent with its stated purpose (sharing/consuming Ollama inference) and do not request unrelated credentials or perform unexpected local actions.
- Guidance: This skill will make your local Ollama models available to an external routing server (by default https://api.idleclaw.com) and will forward chat prompts to community nodes when consuming. It does not request passwords or API keys, nor does it execute shell commands or read arbitrary files, but it does transmit the text of prompts and model outputs to an external service; treat that as potential data leakage. Before installing: (1) review and trust the routing server you will use (set IDLECLAW_SERVER to a self-hosted endpoint if you prefer), (2) inspect install.sh and the pip requirements and consider installing into a virtualenv, (3) run contributors in an isolated machine or VM if you are concerned about exposing prompt content, and (4) if you need stronger guarantees, host the routing server yourself and re-audit both server and client code. The repository/packaging inconsistency (registry claims no install spec while an installer and requirements exist) is a minor red flag; confirm the intended install steps before proceeding.
Review Dimensions
- Purpose & Capability (ok): Name/description match the required binaries (python3, ollama) and the included scripts: contribute.py registers local Ollama models and relays inference, consume.py posts prompts to the routing server, and status.py queries server health. There are no unrelated credentials, binaries, or config paths requested.
- Instruction Scope (ok): SKILL.md accurately describes network interactions. The code implements the described behaviors: WebSocket registration, forwarding JSON inference params to local Ollama, streaming JSON responses back, and client-side validation and limits. The scripts do not spawn shells, read arbitrary files, or access secrets beyond optional environment variables (IDLECLAW_SERVER, OLLAMA_HOST).
- Install Mechanism (note): The repository includes an install.sh that runs pip install -r requirements.txt (packages: ollama, websockets, python-dotenv, httpx). This is a typical Python install flow and does not download arbitrary artifacts, but the registry metadata indicated 'no install spec' while files include an installer; this packaging inconsistency is worth noting. Installing Python packages will write to disk and add dependencies to your environment.
- Credentials (ok): No required secret env vars are declared. Optional env vars used by the code are IDLECLAW_SERVER and OLLAMA_HOST (both non-secret configuration). The skill does not request unrelated cloud credentials or tokens.
- Persistence & Privilege (ok): The skill is not always-enabled, is user-invocable, and does not modify other skills or system-wide agent settings. It does not persist user data to disk. It opens network connections to the routing server as expected for its function.
