Skill v1.0.0

ClawScan security

Box · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 19, 2026, 1:05 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and instructions align with its stated purpose (using the Box CLI in headless environments); it asks for Box credentials that are necessary for operation and does not request unrelated access.
Guidance
This skill appears to be what it says: a wrapper for the official Box CLI in headless environments. Before installing, ensure you: (1) have the official 'box' CLI installed (the SKILL.md suggests the npm package @box/cli); (2) provide Box credentials yourself (CCG JSON or JWT JSON or env vars) and store them outside the workspace with restrictive permissions (e.g., /data/.secrets, chmod 600); (3) grant the least-privilege scopes to the service account (avoid enterprise-wide rights unless necessary); (4) do not commit credential files to source control; and (5) remember that any agent actions will act with the privileges of the provided credentials — review and limit those credentials accordingly.

Review Dimensions

Purpose & Capability
ok · Name/description (Box CLI for files, metadata, Box AI) match the SKILL.md instructions. The skill requires the 'box' binary and describes using Client Credentials Grant (CCG) or JWT — these are expected for headless Box CLI automation.
Instruction Scope
note · Instructions focus on configuring the Box CLI, creating credential JSON (or using env vars), registering environments with 'box configure', and running Box commands (upload, download, search, Box AI). It instructs creating credential files under /data/.secrets and setting file perms (chmod 600), which is reasonable for the stated purpose. No instructions request unrelated system data or external endpoints. Note: examples include shell heredocs with env var substitution — ensure env vars and files are kept secure and not accidentally logged or committed.
Install Mechanism
note · The skill is instruction-only (no install spec in registry), but SKILL.md metadata suggests installing the official @box/cli via npm (producing the 'box' binary). This is a low-risk, standard installation path; no arbitrary download URLs or extraction steps are present.
Credentials
ok · The only secrets discussed are Box credentials (BOX_CLIENT_ID, BOX_CLIENT_SECRET, BOX_ENTERPRISE_ID) or JSON config files for CCG/JWT — these are directly required for Box CLI headless auth. No unrelated credentials or broad environment access are requested.
Persistence & Privilege
ok · The skill does not request always:true, does not alter other skills' configs, and is user-invocable. It requires no persistent platform privileges beyond normal use of the Box CLI and provided credentials.