Skill v1.0.2

ClawScan security

AgentFiles · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 25, 2026, 11:07 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is a thin, coherent wrapper around the AgentFiles CLI and asks for the expected CLI binary/config; it behaves as described but will publish local conversation/files to the AgentFiles service and requires network/browser onboarding, so users should review what they publish.
Guidance
This skill is a CLI wrapper that will upload or share files and conversation content to the AgentFiles/MCP service. Before installing or using it: (1) Understand that publishing can send verbatim conversation text and files off the machine—do not publish secrets or private data; (2) Expect the installer to fetch agentfiles-cli from npm (network access) and a browser-based onboarding flow that writes credentials to ~/.attach/config.json; (3) Confirm every handoff/publish operation when prompted; (4) If you require stricter control, run agentfiles whoami / agentfiles config --show to verify the active identity and namespace before publishing; (5) If you need greater assurance, review the agentfiles-cli package on npm (and its source) before allowing the install or network access.

Review Dimensions

Purpose & Capability
ok · Name/description match the requested resources: node + agentfiles CLI (or npx fallback) and the ~/.attach/config.json CLI config are appropriate for a CLI wrapper that publishes/fetches artifacts across runtimes.
Instruction Scope
note · Runtime instructions consistently direct the agent to use the agentfiles CLI or the MCP artifact_publish tool for handoffs. The skill explicitly allows publishing conversation content and files (including verbatim content) to the AgentFiles/MCP server — this is expected for a handoff/publish skill but is a privacy consideration. The skill requires user confirmation before publishing per its rules.
Install Mechanism
ok · Install uses the npm package agentfiles-cli (creates an agentfiles binary). This is an expected, reasonable mechanism for a Node-based CLI. It will require network access on first install; no obscure download URLs or archives are used.
Credentials
note · No environment variables or external credentials are requested, but the skill reuses local CLI config (~/.attach/config.json), which will contain tokens/credentials obtained via a browser-approved flow. Access to that config and the CLI's auth is proportionate to the skill's purpose but could expose existing credentials/artifact visibility if misused.
Persistence & Privilege
ok · The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills' configuration. Autonomous invocation is allowed by default but is typical for skills and not, by itself, a flag.