Skill v0.1.2

ClawScan security

Nano Gpt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 8:22 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested environment variables align with its stated purpose (a local NanoGPT CLI wrapper); there are no unexplained credential requests or hidden install URLs, but review the included prompt text and any npm installs before use.
Guidance
This skill appears coherent with its stated purpose: it wraps a NanoGPT CLI and only asks for the NanoGPT API key. Before installing or running:
1) Verify the API base URL (NANO_GPT_BASE_URL) if you have concerns about where data is sent (defaults to https://nano-gpt.com).
2) Only run npm install/build or npm install -g if you trust the package source; installing the published npm package will execute third-party code.
3) The CLI will read and transmit any local images/videos you explicitly provide — do not pass sensitive files unless you intend to upload them.
4) The SKILL.md contains a default prompt entry (flagged by an automated detector); review that text to ensure it doesn't try to override agent/system policies in unexpected ways.
If you want stricter isolation, avoid running the global npm install and use the code only after manual review or in a sandbox.
Findings
[system-prompt-override] expected: The SKILL.md / agents/openai.yaml includes a default_prompt field to tell the agent how to use the skill. The regex-based detector flagged this pattern as a potential system-prompt override. In this repository the default_prompt appears to be a legitimate skill instruction (telling the agent when to use NanoGPT), but you should inspect the prompt text to ensure it doesn't attempt to surreptitiously change system-level behavior beyond the skill's scope.

Review Dimensions

Purpose & Capability
ok: Name/description, required env var (NANO_GPT_API_KEY), and included code (CLI invoking NanoGPT endpoints, image/video handling) are consistent. Optional env overrides and per-user config are expected for a CLI wrapper. No unrelated credentials or surprising binaries are requested.
Instruction Scope
note: SKILL.md instructs the agent to use the bundled wrapper scripts and to only upload local media when explicitly provided — which matches the code (image/video inputs are read only when paths are given). It also tells the user to run npm install / build or npm install -g nano-gpt-cli if the CLI isn't present; those steps will pull and run code and should be executed intentionally. A prompt-injection pattern was flagged in SKILL.md metadata (default prompt / system override); the agent's default_prompt is a normal skill field but you should review it to ensure it doesn't change system behavior unexpectedly.
Install Mechanism
ok: There is no automated install spec in the registry entry; the SKILL.md suggests normal npm-based installs (local build or npm install -g). No downloads from personal servers, shorteners, or IP addresses are present; package.json and source files look standard. Installing the published npm package is the only non-local step and is expected for a CLI.
Credentials
ok: Only one required secret (NANO_GPT_API_KEY) is declared as the primary credential; optional NANO_GPT_* env vars are reasonable for model/base-url overrides. The code reads and stores per-user config (api-key) in the user config directory if you call 'nano-gpt config set api-key', which is documented and expected.
Persistence & Privilege
ok: Always:false and user-invocable:true (normal). The skill may write its own per-user config (config.json in the user's nano-gpt-cli config dir) when asked to store the API key — this is expected behavior for a CLI and does not modify other skills or global agent settings.