Back to skill
Skillv0.1.2
ClawScan security
Coala Client · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 20, 2026, 2:27 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions match a coala-client CLI helper, but several instructions allow importing and running third‑party toolsets/skills (from URLs/zips) which can result in executing untrusted code — proceed only if you trust sources and verify the installer origin.
- Guidance
- This skill appears to be a legitimate helper for the coala-client CLI, but be cautious about importing toolsets or skills from remote URLs or zipped archives: those artifacts can contain code (run_mcp.py or other scripts) that the client may execute when you start an MCP server or load a skill. Before installing or using: 1) verify the origin of the 'uv' package (where 'coala-client' comes from), 2) avoid importing skills/toolsets from untrusted/unverified URLs, 3) inspect downloaded zips/local files before import, 4) prefer running MCP/toolsets in an isolated environment or sandbox, and 5) only provide LLM API keys to providers you trust and consider using --no-mcp when you do not want external tools to run.
Review Dimensions
- Purpose & Capability
- okName/description (coala-client CLI for chat, MCP, and skills) match the declared binary requirement (coala-client) and the documented actions (init, chat, mcp-import, skill import). No unrelated credentials or unrelated binaries are requested.
- Instruction Scope
- noteInstructions are specific to coala-client usage and reference config paths under ~/.config/coala/. However, the SKILL.md explicitly allows importing CWL/toolsets and skills from arbitrary http(s) URLs or zip files and describes running MCP servers (run_mcp.py). That implies downloading and potentially executing third‑party code from remote sources — behavior coherent with the tool but risky if sources are untrusted.
- Install Mechanism
- noteInstall spec uses a 'uv' package named 'coala-client' that creates the coala-client binary. The manifest does not show a raw URL download or archive extraction, but the origin/resolver for the 'uv' package is not described here — verify the package registry/source before installing.
- Credentials
- okNo required environment variables or credentials are declared. The documentation sensibly notes optional provider keys (OPENAI_API_KEY, GEMINI_API_KEY, OLLAMA_BASE_URL) needed only for LLM provider access; these are proportional and expected.
- Persistence & Privilege
- okSkill is not always-enabled and does not request persistent elevated privileges or modification of other skills. It uses per-user config paths under ~/.config/coala/, which is appropriate for a CLI tool of this type.