Skill v1.0.2

ClawScan security

Trinity Lite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 9:07 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims to be a local-only Python analysis tool, but no code is provided and the runtime instructions are vague about what local data it will read — the package lacks provenance and is internally inconsistent.
Guidance
Do not run this skill as-is. Before installing or invoking it, ask the publisher for the actual trinity_v15.py source and a clear list of the exact files/paths the tool will read and write. Verify the script (review its code) to confirm it performs only local analysis and has no network calls. Prefer running the script in a sandbox or isolated test account first. Check for a valid homepage/repository and trustworthy provenance; if that cannot be provided, treat the skill as untrusted.

Review Dimensions

Purpose & Capability
concern
The description says this is a local data-analysis/self-improvement tool and declares python as the required binary, which is consistent in principle. However, the SKILL.md instructs running 'python trinity_v15.py' but no such file (or any code) is included in the skill bundle. The homepage URL in metadata is malformed and source is unknown, so provenance is poor.
Instruction Scope
concern
Instructions say it will 'read local files' and 'check interaction records' but do not specify which files or paths. That open-ended file access is vague and could reach sensitive logs or data. The SKILL.md also repeatedly asserts 'no network requests', but there is nothing to enforce that — the missing Python script could perform network I/O. The combination of vague file access + missing code is a red flag.
Install Mechanism
note
No install spec and no code files are present, which minimizes direct install risk (nothing will be written by an installer). However, because the only runtime step is executing a non-existent local Python script, the skill as provided is incomplete and unclear about how the executable code would be obtained.
Credentials
concern
The skill declares no environment variables or credential needs, yet claims it will read local interaction records and write logs under data/trinity_log/. Because it doesn't declare which config paths or data it will access, the requested scope (implicit file system reads/writes) is disproportionate to the transparency provided.
Persistence & Privilege
ok
The skill is user-invocable and not set to always: true; it does not request persistent platform privileges. That is appropriate and does not add to its risk by itself.