Skill v1.0.0

ClawScan security

Tech Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:36 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with a straightforward Nmap-based network scanner; it contains Python code that invokes the local nmap binary and parses XML output, and there are no signs of data exfiltration or unrelated credential requests — but pay attention to legal/permission risks and a small metadata mismatch about the declared required binary.
Guidance
What to check before installing:
- Confirm you have explicit authorization to scan every network target you will test. Unauthorized scanning can be illegal or disruptive.
- Ensure Nmap is installed and on PATH. The skill's docs require it, but the registry metadata does not declare it as a required binary, so expect to install Nmap yourself.
- If you will pass user-provided targets to this skill (especially in multi-user or automated contexts), validate or restrict those inputs so the agent cannot scan third-party addresses or private ranges you do not control. Note that a target beginning with "-" is read by nmap as an option, and list-based subprocess.run does not prevent that.
- Running the skill executes the local nmap binary via subprocess.run. That is expected for this functionality, but the agent can perform noisy scans if invoked autonomously. Consider limiting autonomous invocation or adding governance controls before allowing the agent to run this skill without explicit user confirmation.
- If you need stronger guarantees, review or modify the code to enforce allowed target ranges, apply rate limits, log and audit each scan, and surface the scan parameters to the user rather than relying on defaults.

Review Dimensions

Purpose & Capability
concern · The SKILL.md, README, and code all state this is an Nmap-integrated network scanner, and the code legitimately invokes the nmap binary. However, the registry metadata lists no required binaries while the docs explicitly require Nmap on PATH; that mismatch is an inconsistency, and the skill should declare 'nmap' as a required binary. Apart from that omission, the requested resources (no credentials, no external endpoints) align with the stated purpose.
Instruction Scope
ok · Runtime instructions are limited to calling run_nmap_scan, and the shipped code only runs the local 'nmap' executable (via subprocess.run with a list of args) and parses its XML output. The SKILL.md does not ask the agent to read unrelated files, exfiltrate data, or call external endpoints. One operational caution: the code does not sanitize or validate user-supplied targets beyond passing them as arguments to nmap. A list-based subprocess call avoids shell injection, but untrusted input can still cause unintended scans (hostnames, ranges, or addresses outside the operator's networks) or be interpreted by nmap as an option when it begins with "-".
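An added example, not the skill's own code, showing how the hardening steps listed under Guidance and the caveat above could be implemented: targets are accepted only as IP addresses or CIDR blocks contained in an operator-defined allowlist, anything nmap would parse as an option is refused before it reaches argv, and the XML produced by `nmap -oX -` is parsed into a plain structure. The allowed ranges, function names, and the sample XML are assumptions constructed for illustration; only `run_scan` actually invokes nmap, and it is not needed to exercise the rest.

```python
"""Hardened wrapper around a local nmap binary (illustrative; not the skill's code)."""
import ipaddress
import re
import subprocess
import xml.etree.ElementTree as ET

# Hypothetical allowlist: the only ranges this wrapper may ever scan.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]

# nmap -p syntax restricted to numbers and numeric ranges, e.g. "22,80,8000-8100".
_PORT_SPEC_RE = re.compile(r"^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$")


class TargetError(ValueError):
    """Raised for any target that must not reach nmap."""


def validate_targets(targets, allowed=ALLOWED_NETWORKS):
    """Return normalized targets, or raise TargetError.

    Accepts only literal IP addresses or CIDR blocks that sit inside an allowed
    network. Hostnames are rejected on purpose: DNS resolution would let a
    caller bypass the allowlist. nmap's own range syntax ("10.0.0-5.1") and
    comma lists are rejected for the same reason.
    """
    cleaned = []
    for raw in targets:
        t = raw.strip()
        # A leading '-' would be parsed by nmap as an option (e.g. "-iL file");
        # a list-based subprocess call does nothing to stop that.
        if not t or t.startswith("-"):
            raise TargetError(f"rejected target: {raw!r}")
        try:
            net = ipaddress.ip_network(t, strict=False)
        except ValueError:
            raise TargetError(f"not an IP address or CIDR block: {raw!r}")
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            raise TargetError(f"outside allowed ranges: {raw!r}")
        cleaned.append(str(net) if net.num_addresses > 1 else str(net.network_address))
    return cleaned


def build_nmap_argv(targets, ports="22,80,443", allowed=ALLOWED_NETWORKS):
    """Build the argv list for subprocess.run with options first, targets last."""
    if not _PORT_SPEC_RE.match(ports):
        raise TargetError(f"bad port specification: {ports!r}")
    # -oX - : XML report to stdout, so nothing is written to disk.
    return ["nmap", "-oX", "-", "-p", ports, *validate_targets(targets, allowed)]


def parse_nmap_xml(xml_text):
    """Map each scanned host to a list of (port, protocol, state, service)."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")  # fall back to whatever address is present
        if addr is None:
            continue
        ports = []
        for p in host.iter("port"):
            state = p.find("state")
            svc = p.find("service")
            ports.append((
                int(p.get("portid")),
                p.get("protocol"),
                state.get("state") if state is not None else "unknown",
                svc.get("name") if svc is not None else "",
            ))
        results[addr.get("addr")] = ports
    return results


def run_scan(targets, ports="22,80,443", timeout=600):
    """Validate, build argv (no shell involved), run nmap, and parse its XML."""
    argv = build_nmap_argv(targets, ports)
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=True)
    return parse_nmap_xml(proc.stdout)


# Constructed sample of what nmap -oX - emits, trimmed to the elements parsed above.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -oX - -p 22,80,443 10.0.0.5">
<host><status state="up"/>
<address addr="10.0.0.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host>
</nmaprun>"""


if __name__ == "__main__":
    print(build_nmap_argv(["10.0.0.5", "192.168.1.0/24"]))
    print(parse_nmap_xml(SAMPLE_XML))
    for bad in ["-iL /etc/hosts", "8.8.8.8", "example.com", "10.0.0-5.1"]:
        try:
            validate_targets([bad])
        except TargetError as e:
            print("refused:", e)
```

Surfacing the argv to the user before calling `run_scan` (and logging it afterwards) covers the auditing point in the Guidance; rate limiting is a matter of where this wrapper is called from, not of the wrapper itself.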
Install Mechanism
ok · No install spec is present and all code is included in the package; nothing is downloaded or written during install. This is low-risk from an installation standpoint. Note that the skill depends on Nmap being installed on the system by the user, which the package metadata fails to declare.
Credentials
ok · The skill requests no environment variables, credentials, or config paths, which is appropriate for a local scanner that invokes an external tool. There are no surprising credential requests or unrelated env access.
Persistence & Privilege
note · always: false (normal). The skill can be invoked autonomously by the agent (platform default). Because network scanning is sensitive and potentially disruptive or legally restricted, consider whether you want the agent to invoke scans autonomously; that risk stems from scan behavior, not from elevated privileges requested by the skill itself.