Skill v1.0.0

ClawScan security

swanlog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 10:51 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with its stated purpose (pulling SwanLab experiment data to disk) and do not request unrelated credentials or suspicious installs.
Guidance
This skill appears to do what it says: it runs a bundled Python script that contacts your SwanLab account (using the credentials `swanlab login` saves in ~/.swanlab/.netrc), pulls experiment artifacts, and writes them to a local directory. Before installing or using it: make sure you have run `swanlab login` and that you trust the SwanLab SDK installed on the machine; run the script in a directory where you accept files being written (it writes config, metadata, metrics.csv, brief.md and similar files, and may overwrite an existing dump of the same run); and be aware that the agent captures stdout/stderr, so errors and warnings may be shown to the user. The implementation enumerates metric columns through the SDK's internal HTTP client (api._client); that is an implementation fragility that may break if SwanLab changes its internals, not a security red flag. If you need higher assurance, review the script locally and run it manually once to confirm it behaves as expected.
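The guidance above amounts to a short pre-install checklist: confirm the credential file exists and is private, run the script once in a scratch directory, and confirm that everything it wrote landed where you expected. The following Python is an added example for this page of how to automate that checklist; it is not code from the swanlog skill, ClawHub or SwanLab. It assumes ~/.swanlab/.netrc uses standard netrc syntax (so Python's `netrc` module can parse it), and the file names "config.yaml" and "metadata.json" are assumed stand-ins for the unnamed config and metadata files the review mentions. The bundled script itself cannot run offline, so the demo drives a constructed stand-in that writes the expected dump files plus one deliberate stray file, to show what the check flags.

```python
"""Pre-install checks for a skill that reads SwanLab credentials from
~/.swanlab/.netrc and dumps run data into a directory.  Added example for
this review page; not code from the swanlog skill, ClawHub or SwanLab."""
import netrc
import os
import stat
import subprocess
import sys
import tempfile
from pathlib import Path

# File names the review says the script produces.  "config" and "metadata"
# have no stated extension, so the .yaml/.json names below are assumptions.
EXPECTED_FILES = {"config.yaml", "metadata.json", "metrics.csv", "brief.md"}


def check_netrc(path=None):
    """Confirm the credential file `swanlab login` is expected to write exists,
    is private to the user and parses (assumed: standard netrc syntax).
    Returns a dict; the password itself is never copied into it."""
    path = Path(path) if path else Path.home() / ".swanlab" / ".netrc"
    findings = []
    if not path.is_file():
        return {"ok": False, "hosts": [],
                "findings": [f"{path} missing; run `swanlab login` first"]}
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & 0o077:
        findings.append(f"mode {oct(mode)} lets group/others read the key; expected 0600")
    try:
        hosts = sorted(netrc.netrc(str(path)).hosts)
    except netrc.NetrcParseError as exc:
        return {"ok": False, "hosts": [], "findings": [f"parse error: {exc}"]}
    if not hosts:
        findings.append("no `machine` entries; the script will have nothing to log in with")
    return {"ok": not findings, "hosts": hosts, "findings": findings}


def snapshot(root):
    """Relative path -> (size, mtime_ns) for every file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): (p.stat().st_size, p.stat().st_mtime_ns)
            for p in root.rglob("*") if p.is_file()}


def dry_run(cmd, workdir, outdir, expected=EXPECTED_FILES):
    """Run cmd once with cwd=workdir, then diff the tree.  Reports what was
    created/modified/deleted, which of those fell outside outdir, and which
    file names were not on the expected list.  Writes elsewhere on the
    filesystem are not seen here; use strace/fs_usage for that."""
    workdir, outdir = Path(workdir), Path(outdir)
    before = snapshot(workdir)
    proc = subprocess.run(cmd, cwd=workdir, capture_output=True, text=True)
    after = snapshot(workdir)
    changed = sorted(p for p in after if before.get(p) != after[p])
    deleted = sorted(p for p in before if p not in after)
    outrel = os.path.relpath(outdir, workdir)

    def inside_outdir(rel):
        return outrel == "." or rel == outrel or rel.startswith(outrel + os.sep)

    return {
        "returncode": proc.returncode,
        "changed": changed,
        "deleted": deleted,
        "outside_outdir": [p for p in changed + deleted if not inside_outdir(p)],
        "unexpected": [p for p in changed if Path(p).name not in expected],
        "stderr_tail": proc.stderr[-500:],  # the agent would surface this too
    }


# Constructed stand-in for the bundled script: writes the expected dump files
# under -o and, deliberately, one stray file in the working directory so the
# check has something to flag.  Not the real swanlog script.
STAND_IN_SCRIPT = """\
import os, sys
out = sys.argv[sys.argv.index("-o") + 1] if "-o" in sys.argv else "."
os.makedirs(out, exist_ok=True)
for name in ("config.yaml", "metadata.json", "metrics.csv", "brief.md"):
    with open(os.path.join(out, name), "w") as fh:
        fh.write("constructed sample\\n")
with open("stray.log", "w") as fh:
    fh.write("written outside -o\\n")
"""


def demo():
    """Exercise both checks against constructed fixtures in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        cred = Path(tmp, "home", ".swanlab", ".netrc")  # constructed, not real
        cred.parent.mkdir(parents=True)
        cred.write_text("machine api.example.invalid login me password not-a-real-key\n")
        cred.chmod(0o600)
        work = Path(tmp, "work")
        work.mkdir()
        script = work / "pull.py"
        script.write_text(STAND_IN_SCRIPT)
        run = dry_run([sys.executable, str(script), "-o", str(work / "dump")],
                      work, work / "dump")
        return check_netrc(cred), run


if __name__ == "__main__":
    cred_result, run_result = demo()
    print("netrc:", cred_result)
    print("dry run:", {k: v for k, v in run_result.items() if k != "stderr_tail"})
```

Against the real skill you would call `check_netrc()` with no argument and pass the bundled script's actual command line to `dry_run`, pointing `outdir` at the `-o` target you intend to use; anything listed under `outside_outdir` or `unexpected` is what to read the script for before letting the agent run it unattended.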

Review Dimensions

Purpose & Capability
ok · Name/description match the included script and requirements. The script depends only on swanlab, pandas, and omegaconf and reads SwanLab run data into a local directory; those dependencies and that behavior are proportional to the described purpose.
Instruction Scope
note · Instructions stay within a read-only fetch workflow: run the bundled script, capture stdout/stderr, and read brief.md to summarize results. SKILL.md and the script expect local SwanLab credentials (from ~/.swanlab/.netrc) and optionally a --keys-file; both are reasonable. One implementation detail: the script enumerates columns through api._client, an internal SDK HTTP call (fragile, but not malicious). The script writes files to the current working directory (or the -o target) and will read any keys-file the user supplies.
Install Mechanism
ok · No install spec (instruction-only skill with an included Python script). The bundled requirements.txt lists standard packages from PyPI. No downloads from arbitrary URLs or archive extraction are present.
Credentials
ok · The skill declares no required environment variables or credentials. It relies on the normal SwanLab login flow (credentials cached under ~/.swanlab/.netrc), which is appropriate for accessing SwanLab data. No unrelated secrets or external service tokens are requested.
Persistence & Privilege
ok · `always` is false and `disable-model-invocation` is left at its default; the skill does not request permanent or cross-skill configuration changes. It writes output only to the specified output directory and does not modify other skills or system-wide agent settings.