Skill v1.0.0

ClawScan security

Forge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:16 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated purpose (autonomous QE that builds, tests, fixes, and commits) is plausible, but the runtime instructions ask the agent to build/run/migrate databases, seed real APIs, and autonomously apply & commit code fixes while the declared requirements list no binaries, env vars, or config paths — several notable mismatches that deserve caution.
Guidance
This skill will build, run migrations, start services, seed test data against real APIs, and can autonomously modify and commit your code. Before installing or running it:

1) Do not run on a production database — use an isolated environment or fork/branch.
2) Ensure you have backups and protect secrets: remove or rotate production credentials and provide dedicated test credentials for seeding.
3) Verify presence of required toolchains (git, language-specific build tools) — the skill metadata does not declare them.
4) Prefer 'verify-only' or non-autonomous modes for first runs; disable or require manual approval for auto-apply and auto-commit behavior.
5) Inspect .forge/progress.jsonl and any generated ADRs/specs before merges.
6) If you cannot audit all configuration and commands the skill will run, treat this as high-risk and run inside a disposable container/CI job rather than on your primary workstation or a production repo.

Review Dimensions

Purpose & Capability
concern: Forge's purpose (running builds, E2E tests, analyzing failures, and auto-fixing/committing code) legitimately requires access to repo files, build toolchains (git, cargo, npm, flutter, gradle, etc.), and possibly credentials for test seeding. However the skill metadata declares no required binaries, no required env vars, and no config paths — an incoherence. A QE tool should declare at least git and the expected build toolchains or request those env/config items explicitly.
Instruction Scope
concern: SKILL.md instructs the agent to auto-discover project structure, run build commands, run DB migrations, start the backend, seed test data via real API endpoints (auth header X-Test-Key), execute exhaustive E2E and chaos tests against the real backend, autonomously apply fixes, and create commits. That scope includes reading and writing repo files, modifying databases, and making code changes. Those are high-impact actions and the instructions do not clearly require explicit user approval for destructive operations (auto-apply fixes, commits, migrations).
Install Mechanism
ok: The skill is instruction-only (no install spec, no code files to run). That minimizes supply-chain risk from remote downloads. However, because the instructions expect many external tools to be present, absence of an install spec makes assumptions about the environment that are not declared.
Credentials
concern: Declared requirements list no env variables, yet the SKILL.md references copying .env.example to .env, using BACKEND_PORT/BACKEND_DIR/BUILD_COMMAND/MIGRATION_COMMAND and seeding test data via an endpoint requiring 'X-Test-Key'. The skill will therefore read repository files and environment variables implicitly; it may access sensitive secrets (DB credentials, API keys) that are present in .env. The absence of explicit credential declarations is disproportionate and opaque.
Persistence & Privilege
concern: Forge writes progress files (.forge/progress.jsonl), maintains memory namespaces and includes an Auto-Committer that stages and creates commits, plus rollback behavior. Although always:false, the skill allows autonomous execution (default model invocation enabled). Combined with autonomous code changes and persistent state, this gives substantial influence over the repository and working environment and should be guarded by explicit user approvals and configuration.