Skill v0.2.2
ClawScan security
Scan To Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 1:25 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (decode QR → parse slug → run clawhub install) and it requires explicit user confirmation before installing; only a small metadata mismatch about declared required binaries was found.
- Guidance: This skill is internally coherent and enforces a safety gate (it defaults to dry run and requires --confirm). Before you install or use it: 1) ensure the host system has the 'clawhub' CLI installed and you trust installed ClawHub skills (installing any third-party skill can be risky); 2) verify the decoded slug/URL yourself before approving the install (open the skill page on ClawHub as suggested); 3) be aware the script may call 'zbarimg' or require opencv-python, so ensure those binaries/packages are from trusted sources; and 4) confirm your agent will never pass the --confirm flag without explicit user consent. The only real issue to fix is metadata: the skill should declare that it relies on the 'clawhub' CLI and optionally 'zbarimg' or opencv so administrators know those dependencies exist.
Review Dimensions
- Purpose & Capability (note): The skill's name/description align with the code and SKILL.md: it decodes QR payloads, parses a ClawHub slug, and runs the ClawHub CLI to install. One minor inconsistency: registry metadata lists no required binaries, but the runtime uses the 'clawhub' CLI and optionally the 'zbarimg' binary (or the opencv Python package). Declaring those binaries in metadata would be appropriate.
- Instruction Scope (ok): SKILL.md instructs the agent only to detect an image, run the included script to decode/parse, prompt the user, and only install after explicit confirmation. The script itself enforces domain whitelisting and slug validation before executing an install command.
- Install Mechanism (ok): This is an instruction-only skill with a single helper script; there is no install spec that fetches external code or archives. The script runs locally and relies on existing system binaries or Python packages (opencv or zbarimg).
- Credentials (ok): The skill requests no environment variables or credentials. It does execute local commands (clawhub install) but only after parsing/validation and explicit confirmation. No secrets are requested or read by the script.
- Persistence & Privilege (ok): 'always' is false and the skill does not attempt to modify other skills or system-wide config. The agent can invoke it autonomously (default), but SKILL.md requires an explicit user approval step before installing, which limits autonomous privilege escalation.
