Skillv2.0.0

ClawScan security

BMad Method · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 26, 2026, 10:21 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an instructions-only wrapper for an npm package (npx bmad-method) with no source or homepage listed — functionally coherent with its description but it asks you (or the agent) to fetch and run external code from an unverified package, which is risky and unexplained.
Guidance: This skill is instruction-only and asks you (or the agent) to run 'npx bmad-method install', which will download and execute an npm package whose source and homepage are not provided in the registry metadata. Before installing or allowing an agent to run this: 1) Verify the npm package and publisher (look up 'bmad-method' on the npm registry and inspect the publisher and package versions). 2) Find the source repository (GitHub or other) and review the code (especially install/postinstall scripts). 3) Prefer installing in an isolated environment or disposable container/CI workspace, not on your primary machine. 4) Ask the skill author for a verified release URL, checksum, or a pinned commit/tag. 5) Do not grant this skill autonomous execution rights in sensitive contexts until provenance is confirmed. If you cannot verify the package source and contents, treat it as potentially unsafe.

Review Dimensions

Purpose & Capability: noteName/description (an AI-driven agile framework) align with the SKILL.md commands (npx bmad-method install, modules, workflows). However the registry metadata lacks a homepage or source repository, so while the requested actions are plausible for this purpose, there's insufficient provenance for the external package the skill asks you to run.
Instruction Scope: concernThe runtime instructions explicitly instruct running 'npx bmad-method install' (including variants for CI). Those commands will fetch and execute remote code at runtime. The SKILL.md does not limit or verify what that code does, nor does it constrain the environment or warn about side effects. The instructions do not request unrelated files/envs, but they delegate potentially broad actions to an external package.
Install Mechanism: concernThere is no formal install spec in the registry; instead the SKILL.md relies on npx to pull a package from the npm ecosystem. npx executes code downloaded from the registry which can run arbitrary install or postinstall scripts. With no declared source URL, checksum, or repo, this is a moderate-to-high risk install mechanism for an instruction-only skill.
Credentials: okThe skill declares no required environment variables, credentials, or config paths, which is proportionate to a documentation/command wrapper. Note: the external npm package that the SKILL.md instructs you to run could itself prompt for or read secrets, but that behavior is not declared here.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges in the metadata. It is user-invocable and allows autonomous model invocation (platform default). The main persistence risk comes from running the external installer (npx) which may write files into the project directory, but the skill metadata itself does not request persistent platform presence.