Skillv1.0.0

ClawScan security

VPS Health Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 2:41 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is a small SSH-based VPS checker that appears to do what it says, but packaging and instructions are inconsistent (missing Ollama integration and template), it fails to declare required tooling, and it asks the user to supply sensitive SSH credentials without guidance — review before use.
Guidance: This skill is basically a simple SSH-based healthcheck script but has packaging and documentation gaps you should address before using it on real servers. Actions to consider before installing or running: 1) Ask the author for the missing report/template and for concrete instructions showing how Ollama is called and where reports are stored or transmitted. 2) Confirm required tooling (ssh, systemctl, top, df, free, ip/ifconfig) are declared. 3) Never provide your long-term private key to a third-party agent; prefer using a temporary key or running the script yourself locally and pasting non-sensitive output. 4) Remove or justify -o StrictHostKeyChecking=no to avoid MITM risk, and prefer verifying host keys. 5) Test on a non-production server first. 6) If you plan to let the agent run autonomously, be aware it could use any credentials you give it to access servers — only grant least privilege and short-lived credentials. If the author cannot explain the missing Ollama integration and the absent template, treat the package as incomplete and avoid handing over secrets.

Review Dimensions

Purpose & Capability: concernThe name/description claim Ollama-powered report generation, but there is no code, env var, or instructions that integrate with Ollama and the referenced reports/template.md is not included. The shipped artifact is only a simple SSH-based healthcheck script — report-generation claims are unfulfilled.
Instruction Scope: concernSKILL.md instructs running the script with a host, user, and private key path (e.g., ~/.ssh/id_rsa). The script itself performs SSH and runs system inspection commands only. There are no instructions for how the agent should call Ollama or where reports are generated. The explicit example encourages providing a private key path, which is sensitive; the skill does not warn about credential handling or the risks of StrictHostKeyChecking=no.
Install Mechanism: okThis is an instruction-only skill with no install spec and a single small script. That lowers installation risk because nothing is downloaded or written automatically.
Credentials: concernNo environment variables, binaries, or credentials are declared, yet the script requires SSH to be present and expects a private key path. Asking users to supply private keys (or to run the agent with access to them) is sensitive and should be explicitly declared and justified. The skill also disables strict host key checking, which weakens SSH authenticity protections.
Persistence & Privilege: okThe skill is not always-enabled and does not request persistent system-wide changes. Autonomous invocation is allowed by platform default; nothing in the package requests elevated platform privileges or modifies other skills.