Skillv1.0.0

ClawScan security

RamaLama CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 20, 2026, 8:35 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally coherent: it documents how to run the ramalama CLI, requests the ramalama binary (and optionally a container runtime), and its instructions and install entries align with that purpose.
Guidance: This skill appears to do what it says: it expects a local 'ramalama' binary and (optionally) a container runtime and documents how to use them. Before installing/use: (1) verify the source of the ramalama package (brew tap or the 'uv' formula) to ensure you trust the distributor; (2) be mindful that running 'serve' exposes an HTTP API — protect it with network controls or auth if you will serve sensitive data; (3) model pulls will download potentially large files and use significant CPU/GPU/memory and network bandwidth; (4) when running in containers, ensure images and mounts are trusted and avoid mounting sensitive host paths into model containers. If you need higher assurance, ask the publisher for a canonical homepage/repository or an official release URL for the ramalama binary before installing.

Purpose & Capability: okName/description (run and interact with AI agents) align with declared requirements: the skill needs the 'ramalama' binary and optionally docker/podman. Those are appropriate and expected for a CLI that runs local/ containerized models.
Instruction Scope: okSKILL.md only instructs the agent to run ramalama commands and related tooling (docker/podman, curl, lsof). It does not instruct reading unrelated system files, harvesting environment variables, or exfiltrating data to unknown endpoints. Serving an OpenAI-compatible endpoint is noted, which is expected for this tool.
Install Mechanism: noteInstall specs use package managers (brew and a 'uv' formula) to provide the 'ramalama' binary. Brew is a common, low-risk path; 'uv' is less widely known—verify the uv provider and formula source before trusting it. No direct URL downloads or archive extraction are used in the manifest.
Credentials: okThe skill requests no environment variables or credentials. The documented commands may contact model hubs (hf://, rlcr://, etc.) to pull models, which implies network access but is proportional to the stated purpose.
Persistence & Privilege: okalways:false and normal autonomous invocation settings are used. The skill doesn't request persistent system-wide privileges, nor does it modify other skills' configs in the instructions.