Skill v1.0.0

ClawScan security

Huadafenqi Github · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 15, 2026, 1:11 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's runtime instructions are limited to running the gh CLI (which matches the description), but metadata mismatches and inconsistent packaging fields suggest the published bundle may have been copied or repackaged — verify the author/source before installing.
Guidance
This skill's behavior (running gh commands) matches its description and it doesn't request credentials, but the package metadata contains inconsistent values (different ownerId, differing version, and a declared main index.js that isn't present). That can indicate careless repackaging or a copy-paste error — sometimes a sign of an untrusted source. Before installing, confirm the author's identity or prefer an official/known GitHub integration. Also ensure you have the gh CLI installed and configured (gh auth) on the environment you plan to use; the skill will act using whatever account gh is authenticated with. If you plan to grant the agent autonomous invocation, consider limiting that until you verify the skill's provenance.

Review Dimensions

Purpose & Capability
note: The SKILL.md describes a simple GitHub CLI helper and the runtime instructions are limited to gh commands, which is appropriate for the stated purpose. However, the bundled metadata files are inconsistent: skill.json shows a different name, version (0.1.0) and a main entry (index.js) that does not exist in the package; _meta.json lists a different ownerId than the registry metadata. These discrepancies are not required for the skill's stated purpose and suggest sloppy or possibly tampered packaging.
Instruction Scope
ok: SKILL.md only instructs the agent to run gh CLI commands (gh pr, gh run, gh api, etc.) and to use --repo when appropriate. It does not ask the agent to read arbitrary files, access unrelated environment variables, or send data to external endpoints beyond GitHub CLI usage.
Install Mechanism
ok: There is no install spec (instruction-only), so nothing is downloaded or written to disk by the skill itself. This lowers risk compared with downloadable installs.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The gh CLI normally uses its own authentication (gh auth) configured by the user; the skill does not request additional secrets. This is proportionate to the described functionality.
Persistence & Privilege
ok: The skill is not always-enabled and is user-invocable; it does not request any special persistence or elevated platform privileges. Autonomous invocation is allowed (platform default) but not combined with other concerning flags.