Skill v1.0.1
ClawScan security
MiroFish Predict · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 9:47 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions match its stated purpose (a multi-agent LLM simulation that uses Docker and an LLM API key), but it runs remote code via npm and will pull/run Docker images at runtime, so review the package and images before trusting sensitive data.
- Guidance: This skill appears to be what it claims: a multi-agent simulation that needs Docker and an LLM API key. Before installing:
  1. Verify the mirofish-cli npm package and its maintainer (inspect the GitHub repo and package contents).
  2. Confirm which Docker image(s) the CLI will pull and inspect them (unknown images can run arbitrary code on your machine).
  3. Use a scoped or low-privilege LLM API key or a local model if possible, and set file permissions on ~/.mirofish/.env.
  4. Consider limiting billing/quota on the API key (simulations are token-heavy).
  If you cannot verify the package or images, treat the runtime as higher risk and avoid supplying high-privilege credentials.
Review Dimensions
- Purpose & Capability (ok): Name/description (55-agent simulation) aligns with the required binaries (mirofish CLI and docker) and the single declared secret (LLM_API_KEY). Installing an npm CLI to provide the 'mirofish' binary is a coherent way to implement this functionality.
- Instruction Scope (ok): SKILL.md instructs only to run mirofish CLI commands, start/stop the Docker backend, and set an LLM API key (via env, OpenClaw config, or ~/.mirofish/.env). It does not instruct reading unrelated system files or requesting unrelated credentials.
- Install Mechanism (note): Install is an npm package (mirofish-cli), which is a typical, traceable mechanism. However, the runtime includes pulling and running a Docker backend image (SKILL.md indicates images are pulled on first start); pulling/running unknown container images increases risk and should be reviewed (image origin not specified in SKILL.md).
- Credentials (ok): Only one environment variable (LLM_API_KEY) is required, which is appropriate for a tool that drives many LLM calls. No unrelated secrets or config paths are requested. Note: the skill will send user prompts and generated context to the LLM provider associated with that key, so the key should be scoped/trusted.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request special platform privileges. It writes/reads its own config (~/.mirofish/.env) per instructions, which is normal for a CLI tool; it does not request modifying other skills or system-wide agent settings.
