Skill v1.0.0

ClawScan security

Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 3:54 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent with its stated purpose as a local static security-audit tool and do not request disproportionate privileges or secrets.
Guidance
This appears to be a straightforward local static-audit tool; it is reasonable to install and use. Before running: (1) review audit.py yourself (it is small and readable) to confirm you are comfortable with its checks, (2) run it in an isolated/sandboxed environment (or inside a container/VM) when auditing untrusted repos to avoid accidental execution of suspicious files, and (3) do not rely solely on this heuristic tool—follow up with manual review and runtime analysis for high-risk targets. If you enable automatic invocation in workflows, ensure the script is executed only on directories you intend to audit and not on system-wide paths.

Review Dimensions

Purpose & Capability
ok · The name and description describe a security audit for external resources; the package only requires python3 and includes a Python auditor (audit.py). No unrelated credentials, binaries, or install steps are requested, which matches the stated purpose.
Instruction Scope
ok · SKILL.md and README instruct the agent/user to run python3 audit.py against a local directory or integrate it into post-clone/install hooks. The script only reads files under the target directory and reports findings; it does not attempt to read unrelated system paths, environment variables, or send data externally.
Install Mechanism
ok · There is no install spec (instruction-only) and the README suggests copying the files into a skills directory or running the script directly. No remote downloads or archive extraction are performed by an installer.
Credentials
ok · The skill declares no required environment variables or credentials. The runtime code does not access secrets or external services; it only examines files in the scanned directory.
Persistence & Privilege
ok · The skill is not forced-always, does not request system-level persistence, and its recommended automatic usage is only local post-clone hooks invoked by the user. Autonomous invocation is permitted by platform default but is not combined with broad privileges here.