Skill v1.1.1
ClawScan security
Device Control (Iyeque) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Benign (Feb 17, 2026, 5:08 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions largely match its stated purpose of controlling volume, brightness, and apps; it runs local system commands (no network exfiltration or secret access) but has a few implementation inconsistencies and minor safety notes you should review before installing.
- Guidance: This skill appears to do what it says: run local system commands to control volume, brightness, and open/close apps. Before installing or using it, consider: (1) it runs platform binaries on your machine — ensure you trust those utilities (e.g., nircmd on Windows) and install them from official sources; (2) SKILL.md mentions supplying an app path but the code rejects path separators, so use application names (not full paths) or update the skill if you need path support; (3) although inputs are allowlisted and numeric inputs validated, the skill sometimes invokes shell commands (necessary for certain platforms); only give it to agents you trust to run local commands; (4) test the skill in a safe environment first to confirm behavior on your OS. If you need the skill to accept full paths or handle other app name characters, request the author clarify or patch the sanitizeAppName behavior.
Review Dimensions
- Purpose & Capability (note): The skill claims to control volume, brightness, and apps and only requires node in metadata, which is consistent with the included ctl.js that shells out to platform-native tools (pactl/amixer, osascript, brightnessctl, nircmd, pkill/taskkill). The manifest does not request unrelated credentials or config paths. One inconsistency: SKILL.md says the `app` parameter may be an application name or path, but the code's sanitizeAppName disallows path separators ('/'), so passing a full path will be rejected.
- Instruction Scope (note): SKILL.md instructs running the bundled ctl.js with actions and arguments; the code follows those instructions and documents platform-specific dependencies. The runtime does read /proc/version to detect WSL and executes local system binaries. Inputs are validated with strict allowlists for app names and integer validation for numeric values, which limits command-injection risk. However, some commands are invoked via shell (exec/execPromise) rather than execFile in a few platform branches (macOS osascript, nircmd and Windows powershell usage, Linux open_app uses exec), which is expected for these platform-specific tools but is worth noting.
- Install Mechanism (ok): No install script is provided (instruction-only with one included JS file). Nothing is downloaded or extracted by the skill itself. The skill relies on external platform utilities (pactl/amixer/brightnessctl/osascript/nircmd/pkill/taskkill) which the SKILL.md documents; installing those is left to the user and is expected for this capability.
- Credentials (ok): The skill requests no environment variables or credentials and does not access network endpoints or secrets. Its access is limited to local filesystem reads (to detect WSL) and launching local system binaries — proportional to the stated device-control purpose.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated or persistent platform privileges, nor does it modify other skills or system-wide agent settings. It only executes ad-hoc commands when invoked.
