Skill v1.1.1
ClawScan security
Vet Repo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 27, 2026, 12:20 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill is internally consistent: it ships a local scanner and pattern database and only reads repository files to produce a report. It does not request credentials, perform network installs, or attempt to invoke itself automatically.
- Guidance: This looks like a legitimate repo scanner, but take the usual precautions before running code from an unknown source: 1) review scripts/vet_repo.py and scripts/patterns.py yourself to confirm their behavior; 2) run the scanner on a copy of the repository or inside an isolated/containerized environment; 3) run it offline if you want to rule out accidental network access from other tools; and 4) be aware that the scanner prints any detected secrets or sensitive lines in its output, so restrict where that output is stored or scan only non-sensitive copies. For stronger guarantees, inspect the pattern DB for false positives and false negatives and run the script under restricted privileges.
Review Dimensions
- Purpose & Capability (ok): Name and description match the included artifacts. The package ships a Python scanner (scripts/vet_repo.py) and a large pattern DB (scripts/patterns.py) that are used directly to scan agent-related config files. Nothing the skill requests (no env vars, no external binaries) is disproportionate to the stated purpose.
- Instruction Scope (note): SKILL.md instructs the user/agent to run the local Python script against a given PROJECT_ROOT. The scanner reads a defined set of config files (.claude/, .mcp.json, CLAUDE.md, .vscode, .cursor) and supporting skill scripts (.py, .sh) and reports matches. This is consistent with the stated goal, but note that it reads every file within that scope and prints the matched contents, including any secrets it finds. The instructions do not execute repository code; they only open and inspect files.
- Install Mechanism (ok): No install spec or remote downloads are used. The skill is delivered with its Python scripts and runs locally; no external package fetching or archive extraction occurs.
- Credentials (ok): The skill requests no environment variables or credentials. The patterns include detections for secrets and sensitive configs (expected for a scanner), but the skill itself does not request access to those secrets or attempt to store them.
- Persistence & Privilege (ok): always is false and disable-model-invocation is true, so the model will not invoke the skill autonomously. The skill does not modify other skills or global agent settings; it only reads repository files and prints a report.
