Back to skill
Skillv1.0.0
ClawScan security
duely · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 16, 2026, 5:53 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent: it wraps a macOS CLI (duely) installed from a Homebrew tap and its instructions stay within that local CLI's scope, but you should verify the third‑party Homebrew tap before installing.
- Guidance
- This skill appears to do what it says: run the local duely CLI to track recurring tasks and store data under ~/.duely/. Before installing, inspect and trust the Homebrew tap (halbotley/tap) and the formula source (use brew info, brew edit, or view the tap repo) because third‑party taps can deliver arbitrary binaries. If you prefer more control, build or review the binary yourself or run it in an isolated environment. Also note the agent may run duely automatically (default); if you don't want autonomous runs, adjust the skill/agent invocation settings.
Review Dimensions
- Purpose & Capability
- okName, description, required binary (duely), and usage examples all align: this is a local CLI for recurring tasks. No unrelated credentials, binaries, or paths are requested.
- Instruction Scope
- okSKILL.md instructs only running the duely CLI (list, due, run, log, add, remove) and notes data is stored locally at ~/.duely/. It does not ask for system-wide credentials, other files, or exfiltration to external endpoints.
- Install Mechanism
- noteInstallation is via a Homebrew formula from a third‑party tap (halbotley/tap). Brew formulas are normal, but third‑party taps can install arbitrary binaries — verify the tap and formula source before installing.
- Credentials
- okNo environment variables or credentials are requested. The only persistent data location is ~/.duely/, which is consistent with the described purpose.
- Persistence & Privilege
- okalways is false and the skill does not request elevated privileges or modify other skills' configs. The agent can invoke the skill autonomously (platform default); this is expected for an agent-integrated CLI.