Skill v1.0.0

ClawScan security

This skill informs the agent how to use Viam CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 27, 2026, 12:25 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only guide for using the Viam CLI and its requested actions (brew install, running viam commands, remote shell, data operations) are consistent with that purpose.
Guidance
This skill is an instruction-only guide for the Viam CLI and appears internally consistent. Before installing or allowing any operations: (1) only permit the Homebrew install if you trust the source and you want the Viam CLI on your machine; (2) when the agent requests to perform destructive actions (delete, create API keys, open remote shells, copy files), confirm each action explicitly and review the exact command it will run; (3) do not paste secrets into chat — use viam login in your terminal or your platform's environment injection as recommended; (4) note the SKILL.md included a requirement block (anyBins: ["viam","brew"]) even though the registry metadata listed none — this minor mismatch is likely benign but worth noting; (5) if you need higher assurance, ask the skill author/source or request the full, untruncated SKILL.md (the provided content was truncated) before proceeding.

Review Dimensions

Purpose & Capability
ok: The name/description claim to manage the Viam CLI and related Viam platform resources; the instructions cover installing the CLI, authenticating, managing machines, datasets, pipelines, and modules — all coherent with a Viam CLI manager.
Instruction Scope
note: Instructions include powerful platform operations (creating API keys, deleting data, opening remote shells, copying files via WebRTC, hot-reloading modules). Those actions are within scope for a Viam CLI controller but are high-risk operations for a user account — the SKILL.md does include guardrails (confirm before destructive ops, prefer read-first). Verify confirmations are actually observed before destructive commands are run.
Install Mechanism
ok: No install spec files — instruction-only. The install path uses Homebrew (brew tap + brew install viam) which is a standard package manager and proportional to the stated purpose.
Credentials
ok: The skill declares no required environment variables. The SKILL.md advises not to paste API keys and to use viam login or environment injection; that is proportional. There are no requests for unrelated credentials or secrets in the manifest.
Persistence & Privilege
ok: always:false and model invocation allowed (default). The skill does not request persistent system-wide changes beyond recommending using the viam CLI. It does not request to modify other skills or system-wide configs in the provided instructions.