Skillv1.0.1

ClawScan security

mcp-bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 9, 2026, 6:30 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and requirements are internally consistent with a CLI that connects to MCP servers, but it relies on fetching and running third‑party npm packages at install/runtime so there is moderate supply‑chain risk to review before use.
Guidance: This skill appears to do what it says, but it executes and downloads code from npm (both during global install and via npx when launching server implementations). Before installing: 1) inspect the npm package and its GitHub repository (publisher, recent commits, issues). 2) Avoid global install if possible; consider installing in an isolated environment/container. 3) Pin versions and review package.json/maintainers. 4) Limit and scope any tokens (e.g., GITHUB_TOKEN) used by server implementations and do not store secrets in plaintext config files. 5) Review config.json to ensure the configured command/args are trusted (they can run arbitrary commands). If you need higher assurance, request the package source code or a reproducible build before use.

Review Dimensions

Purpose & Capability: okName, description, and runtime instructions all describe a CLI/SDK for connecting to MCP servers. The npm package + config-based server definitions (including running server implementations via npx) are coherent with the stated purpose.
Instruction Scope: noteSKILL.md instructs installing the npm package and running the CLI with a config.json. The config lets you specify arbitrary commands/args (e.g., npx calls) and environment variables, which is expected for a bridge but means the skill's runtime can execute arbitrary third‑party code and read the provided config file and any env vars you pass.
Install Mechanism: noteThere is no formal install spec in the skill bundle (it's instruction‑only), but SKILL.md tells users to run npm install -g. Installing a global npm package and using npx to fetch server implementations at runtime is typical here but increases supply‑chain risk because code is fetched from npm/GitHub during install or execution.
Credentials: noteThe manifest declares no required env vars. SKILL.md recommends using environment variables for tokens (example: GITHUB_TOKEN). That is reasonable, but tokens grant access to external services and should be scoped and protected; the skill does not request unrelated credentials.
Persistence & Privilege: okalways is false and the skill is user-invocable. The skill does not request elevated platform privileges in the manifest. No indication it modifies other skills or system-wide settings.