Skill v1.0.6

ClawScan security

mano-afk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 8:20 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and runtime instructions are coherent with an autonomous app-builder: it installs via a Homebrew formula, operates inside a project folder, and only optionally uses an external API key for cloud E2E testing.
Guidance
This skill appears internally consistent with its purpose, but it performs powerful actions: it will create a project directory, install tooling (potentially via Homebrew), run builds, start local servers, and install dependencies from package registries. Before installing or running it:
1) Review the referenced Homebrew formula and GitHub repo so you know what the installer does.
2) Use Step 0 (the single interactive consent) to limit features you don't want (e.g., skip cloud E2E).
3) Prefer running the skill in an isolated environment (VM, container, or throwaway Mac) if you are concerned about global installs or network access.
4) If you enable cloud E2E, only provide API keys you are comfortable storing in the project's deploy/.env (gitignored), and verify that file is not committed.
5) If you need tighter controls, inspect the generated progress.md/PRD before allowing autonomous execution beyond Step 0.

Review Dimensions

Purpose & Capability
Status: ok
The skill claims to build full applications and its instructions describe creating project directories, installing deps, starting servers, deploying, and testing — all expected for an end-to-end builder. Only `curl` is declared as a required binary because the skill defers tech-stack-specific tooling (node, python, etc.) to build time; the SKILL.md explicitly documents that other toolchains will be used as needed. This is a reasonable design choice and not disproportionate to the stated purpose.
Instruction Scope
Status: ok
The SKILL.md and the references fully describe what the agent will read/write and run. Actions (installing dependencies, starting servers, running tests) are confined to a new project directory or the skill's references/ directory per the instructions. The skill documents explicit safety boundaries (do not read ~/.zshrc, do not write outside the project/skill folder). It will contact external package registries during dependency installs and optionally use Anthropic for cloud E2E tests — both are explained. No instructions request unrelated system data or unrelated credentials.
Install Mechanism
Status: ok
Install uses a Homebrew formula (Mininglamp-AI/tap/mano-afk) which builds from public source, and the SKILL.md points to the GitHub repo and releases. This is a standard, low-risk install path compared to raw downloads from arbitrary URLs. The install may perform standard global installs via brew (normal on macOS), and the README notes how the formula is sourced.
Credentials
Status: ok
No environment variables are required to use the skill. `ANTHROPIC_API_KEY` is explicitly optional and only needed for optional cloud-based E2E testing; the skill documents that it would be stored in the project's gitignored deploy/.env if configured. There are no unexpected or unrelated credential requests.
Persistence & Privilege
Status: note
The skill is not force-enabled (always:false) and does not declare elevated privileges. It persists learned rules/preferences inside its own references/ folder and project directories only, per documentation. Note that it is designed to run autonomously after the single interactive Step 0 — this is expected for an autonomous builder but means users should confirm permissions during Step 0 (the skill will install tools, create files, and start services inside the project).