Skill v4.3.0
ClawScan security
Link Brain · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 8:04 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears internally consistent: it's a local bookmark/links manager that stores data under ~/.link-brain, only performs network fetches when you explicitly use auto-save, and requires no external credentials or installers.
- Guidance: This skill looks like a local bookmark manager and is generally coherent: it stores everything in ~/.link-brain (or the path you set with LINK_BRAIN_DIR) and only fetches web pages when you explicitly use --auto/auto-save. Two practical cautions before installing: (1) using the documented quickstart will auto-detect and import ALL bookmarks from detected browsers — if you have private or sensitive bookmarks you may prefer to run setup (which reports sources) and import selectively; (2) auto-save performs network fetches with urllib, so avoid auto-saving untrusted URLs if you are concerned about remote content. If you want extra assurance, run the included tests in a disposable LINK_BRAIN_DIR (export LINK_BRAIN_DIR=$(mktemp -d)) and/or read the bundled scripts/brain.py to confirm no unexpected network endpoints or subprocess calls.
Review Dimensions
- Purpose & Capability (ok): Name/description match the code and SKILL.md. The package includes a CLI Python script that implements saving, searching, imports, graph export, and spaced repetition; these map to the claimed features (browser imports, local SQLite, graph HTML, auto-save network fetches). No unrelated credentials, binaries, or cloud services are requested.
- Instruction Scope (note): SKILL.md and the script instruct the tool to scan Chrome, Safari, and Firefox and to 'auto-import everything it finds' when you run quickstart. That behavior is coherent with a bookmark-import feature but can be surprising: quickstart will read your browser bookmark files and import all bookmarks automatically. Network requests are limited to explicit --auto/auto-save operations (uses urllib per the code).
- Install Mechanism (ok): No install spec is provided (instruction-only invocation), and the Python script is bundled with the skill. Nothing in the metadata attempts to download or execute external installers. The script creates a data directory and writes its database and generated HTML there.
- Credentials (ok): No required environment variables or credentials are declared; the only optional env var is LINK_BRAIN_DIR to override the data directory. This matches the script's behavior (it defaults to ~/.link-brain and honors LINK_BRAIN_DIR).
- Persistence & Privilege (ok): always is false and the skill does not request elevated platform privileges. It creates and uses its own data directory and files under that directory. Autonomous invocation is allowed by default (normal), but there is no evidence the skill attempts persistent system-wide changes beyond its own data directory.
