Skill v1.0.0
ClawScan security
Hot Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 7:18 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions are consistent with its stated purpose (monitoring ClawHub trends), request only Node.js and local state files, and do not ask for unrelated credentials or privileged access.
- Guidance: This skill appears to do exactly what it claims: query the ClawHub API, compute surges, and store local state under ~/.skill-surge-notifier. Before installing, ensure you run it with Node 18+ and are comfortable with it creating files in your home directory and making outbound requests to https://clawhub.ai. If you plan to schedule it (cron or agent heartbeat), be aware it will periodically fetch remote data; consider running in an environment with least privilege (or restrict network access) if you want stronger isolation. If you need higher assurance, review the included source files (fetch_trending.js and surge_check.js) yourself, or run the tool in a sandboxed container. Overall there are no obvious mismatches or secret-exfiltration behaviors in the bundle.
Review Dimensions
- Purpose & Capability (ok): Name/description say it monitors ClawHub for trending skills; code fetches from https://clawhub.ai/api/v1/skills, computes growth, scores relevance, and writes local state. Required binary is node — appropriate and proportionate.
- Instruction Scope (ok): SKILL.md directs running CLI commands, storing state under ~/.skill-surge-notifier, and optionally scheduling via cron. The runtime instructions only read/write those local files and call the ClawHub API; they do not access unrelated system paths or secrets.
- Install Mechanism (ok): No install spec (files are executed in-place). There are source files included but no external downloads or installers — low-risk execution model assuming you run it intentionally with Node 18+.
- Credentials (ok): No required environment variables or credentials. Optional vars (SURGE_DIR, STATE_PATH, CONFIG_PATH, SCHEDULED) only control local paths/behavior. No evidence of requests for unrelated secrets or cloud credentials.
- Persistence & Privilege (ok): Does not request always:true or elevated privileges. It persists only its own state and config under the user's home directory. Agent-autonomous invocation is allowed by default but not combined with other risky behaviors.
