Skill v0.1.0
ClawScan security
Agent Communication Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 2:58 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, README, and SKILL.md consistently implement an SQLite-backed agent messaging hub and do not request unrelated credentials or perform unexpected I/O or network calls.
- Guidance: This skill appears internally consistent and implements the described messaging hub. Before installing or running it: (1) be prepared to run npm install/build (better-sqlite3 is a native dependency that may compile), (2) supply a safe dbPath (do not point it at system-critical files or directories), (3) review the included source if you have security concerns (there are no network calls or env-var access), and (4) run the tests/examples in an isolated environment if you want to validate behavior before using it in production. Autonomous invocation is allowed by default on the platform (disable if you do not want the agent to call the skill without explicit user prompts), but that is a platform-level behavior and not specific to this skill.
Review Dimensions
- Purpose & Capability (ok): The name and description match the code and SKILL.md: the package implements messaging, pub/sub, session tracking, offline queues, and SQLite-backed persistence. All required functionality (message queueing, event subscriptions, session management) is implemented in the included sources.
- Instruction Scope (ok): Runtime instructions in SKILL.md stay within scope (create hub, register/connect agents, send/subscribe/publish, drain queues). The instructions do not ask the agent to read unrelated files, environment variables, or send data to external network endpoints. The code also contains no network calls or references to external endpoints.
- Install Mechanism (note): The registry metadata lists no install spec (instruction-only), but the package includes TypeScript sources and a package.json with a native dependency (better-sqlite3). Building/running this skill in practice requires npm/yarn and a native build step for better-sqlite3; there is no untrusted URL download or obfuscated installer. This is expected for a local TypeScript library but worth noting because installing npm dependencies and compiling native modules has operational implications.
- Credentials (note): The skill requires no environment variables or credentials, which is appropriate. One proportionality note: the hub persists to a SQLite file path provided by the caller (dbPath). That capability is necessary for durable storage but means a caller-provided path determines where files are written—avoid passing sensitive system paths or locations with privileged data.
- Persistence & Privilege (ok): The skill does not request persistent platform privileges (always is false) and does not modify other skills or global agent settings. Its persistence is limited to its own SQLite DB and normal file system access when a dbPath is supplied.
