Skill v1.0.0
ClawScan security
DevOps Ops Bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 11:35 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (server health checks and auto-restart) matches its instructions, but the runtime guidance encourages fetching and executing remote code (npx, curl|bash) and running arbitrary restart commands — behaviors that increase risk and deserve manual review before use.
- Guidance
- This skill is coherent with its stated purpose, but it asks you (in SKILL.md) to fetch and run remote code (npx and a curl|bash installer) and to possibly run arbitrary restart commands. Before installing or running it:
  1. Inspect the upstream repository (https://github.com/gruted/devops-ops-bot) and the install.sh script to verify what will be executed.
  2. Prefer running the official Docker image or a pinned npm package version over piping a script to bash.
  3. Do not run it as root; run it in a constrained account or container for testing.
  4. Avoid passing sensitive webhook URLs or credentials to untrusted code.
  5. If you plan to use --restart-cmd, ensure the restart command is safe and that the agent/process has only the minimal privileges needed.
  If you cannot review the upstream code, treat this skill as untrusted and test in an isolated environment first.
Review Dimensions
- Purpose & Capability
- ok: Name/description (server health monitoring, Slack/Discord alerts, auto-restart) align with the instructions and required binary (node). The examples and install targets (npm package, npx, Docker image) are coherent for a Node-based CLI monitoring tool.
- Instruction Scope
- concern: Instructions tell the agent/user to run npx @gruted/devops-ops-bot and provide examples that accept a --restart-cmd (arbitrary shell command). Running npx or executing a user-provided restart command gives the tool (or whoever runs it) the ability to execute arbitrary code/commands on the host; the SKILL.md does not place constraints or safeguards on those actions.
- Install Mechanism
- concern: Install examples include npm install -g, npx usage, a Docker image (ghcr.io) and a curl -fsSL raw.githubusercontent.com | bash one-liner. While GitHub raw and ghcr.io are common hosts, piping a remote script to bash is a high-risk pattern because it executes remote code without inspection.
- Credentials
- ok: The skill declares no required environment variables or credentials. Its use of webhook URLs and restart commands is driven by CLI flags/examples rather than hidden env requests, which is proportionate to the stated functionality.
- Persistence & Privilege
- note: `always` is false and there is no install spec that modifies other skills. However, because the tool can be invoked autonomously (platform default) and can auto-restart services, autonomous runs could have significant impact if the tool or its upstream code is malicious or compromised.
