Skill v0.1.0
ClawScan security
@blockchain-forever/aelf-skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 28, 2026, 4:21 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated role as a hub that lists, downloads, and bootstraps aelf ecosystem skills. It requires no unexplained credentials and uses npm/git/tar/bun flows that fit its purpose.
- Guidance: This package is coherent for its stated purpose, but it is a bootstrapper that downloads and installs third-party skill packages and will run their install/setup scripts. Before installing or running it:
  1. Review skills-catalog.json and the repository URLs for the skills you'll bootstrap; prefer known GitHub repos.
  2. Run bootstrap in a contained environment (container, VM, or a machine without sensitive credentials), or use --skip-install and inspect the code first.
  3. Consider using --source=github or --source=local to avoid unexpected npm package variants.
  4. Be aware that 'bun install' and package setup scripts inherit your environment; avoid running on hosts with high-value secrets.
  5. If you need higher assurance, inspect individual skill packages (or run security:audit) before allowing automated bootstrap/installation.
Review Dimensions
- Purpose & Capability (ok): Name/description match the code and SKILL.md: this package is a catalog/bootstrapping hub. The scripts build a skills catalog, clone/npm-pack skill packages, and run setup/health commands. Required tools (git, npm, bun, tar) are appropriate for those tasks, and no unrelated credentials or config paths are requested.
- Instruction Scope (note): SKILL.md instructs the agent to run bootstrap.sh, bun run setup, and health checks. Those steps read skills-catalog.json/workspace.json and then download and operate on third-party skill repos. This stays within the hub's purpose, but the runtime behavior grants the agent the ability to fetch and operate on external code (including running each skill's setup/install scripts).
- Install Mechanism (concern): Bootstrap code downloads via npm (npm pack, then tar extract) and via git clone (GitHub). It extracts tarballs to disk and runs 'bun install' inside downloaded skill directories. These are standard mechanisms for a bootstrapper but are a supply-chain risk: tar extraction and execution of package install/setup scripts mean arbitrary code from npm/GitHub will be written and executed locally.
- Credentials (ok): The package declares no required environment variables or credentials. Some utilities (expandPathWithEnv) will expand ${VARS} found in workspace paths and will error if they are missing; runCommand inherits process.env when spawning installs, so local environment variables could be visible to child processes. No unrelated secret variables are explicitly requested by the skill.
- Persistence & Privilege (ok): The skill is not forced-always, is user-invocable, and does not claim to modify other skills' config. It writes downloaded skill files to a destination directory (downloaded-skills), which is expected behavior for a bootstrap tool.
