Skill v1.0.0
ClawScan security
ARC Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:33 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to implement what it claims (creating ARC repos), but its metadata omits required tools/credentials described in the runtime instructions, so the package is internally inconsistent and you should review how credentials and binaries are supplied before using it.
- Guidance: This skill appears to do what it says (create ARC repositories and guide metadata entry), but its metadata is incomplete: SKILL.md requires git, git-lfs, and optionally an ARC Commander CLI and a DataHUB personal access token, yet none of these are declared in the skill manifest. Before installing or running:
  1) review and understand scripts/create_arc.sh (it will mkdir, cd into the target, run arc init if available or git init otherwise);
  2) ensure git and git-lfs are installed and be prepared to supply DataHUB credentials if you choose to push;
  3) be cautious when the agent asks to create or push a remote repository: only provide tokens or create remotes for hosts you trust;
  4) the skill will run shell commands and modify files under the chosen path, so avoid running it with elevated privileges and verify the target path;
  5) the recommendation to store projects under '/home/uranus/...' is just an example and should be changed to a path you control.
  If you want higher assurance, ask the developer to update the skill manifest to list required binaries and any env vars (e.g., DATAHUB_TOKEN) explicitly.
Review Dimensions
- Purpose & Capability (note): The name and description match the instructions and included script: this is an ARC creation helper that initializes a directory, creates ARC subdirectories, updates ARC metadata with an 'arc' CLI if present, and guides the user to add studies/assays/workflows and push to a DataHUB. However, the skill metadata lists no required binaries or env vars while SKILL.md explicitly lists prerequisites (git, git-lfs, optional ARC Commander CLI and DataHUB Personal Access Token). That mismatch is an inconsistency (likely sloppy metadata) but not proof of malicious intent.
- Instruction Scope (ok): The SKILL.md stays within the stated purpose: it interactively collects identifiers/metadata and instructs the agent to run a small create script, run 'arc' subcommands, copy files into repository folders, run git commands, and optionally push to a remote DataHUB. It does not instruct arbitrary system enumeration or reading of unrelated files. It does recommend creating/pushing remotes (which requires credentials provided by the user) and references external hosts (git.nfdi4plants.org, datahub.hhu.de) in a way consistent with the described workflow.
- Install Mechanism (ok): There is no install specification (instruction-only skill plus a small helper script). The included script (create_arc.sh, 877 bytes) is short, readable, and performs local filesystem and git initialization only. No downloads, extraction, or third-party package installs are performed by the skill itself.
- Credentials (concern): The skill metadata declares no required environment variables or primary credential, yet the SKILL.md references a 'Personal Access Token for git.nfdi4plants.org or datahub.hhu.de' for DataHUB sync and expects git/git-lfs and optionally an ARC Commander CLI binary. The absence of declared env vars/binaries in metadata is an omission that could lead an agent to use credentials or binaries from the environment without the requirements being visible to the user. This is a proportionality / transparency concern (not direct evidence of exfiltration).
- Persistence & Privilege (ok): The skill does not request persistent or elevated privileges; its 'always' setting is false and it does not modify other skills or system-wide agent settings. The runtime actions are limited to creating directories, initializing git, and running local arc/git commands (subject to user consent).
