Back to skill
Skillv1.0.0
ClawScan security
Dependency Autopsy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 4, 2026, 9:56 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's goal (deep dependency health analysis) is plausible, but the instructions imply access to repository history, CI, and your codebase while the skill declares no required files, credentials, or install steps — an incoherence that merits caution.
- Guidance
- This skill describes a valuable but data-hungry analysis. Before installing or running it: 1) Ask the skill (or its author) which files and services it will read (package.json, lockfile, node_modules, source files, Git remote) and whether it will send data externally. 2) Expect it may need read-only tokens (e.g., a GitHub token limited to public_repo or repo:status) to check commits, PRs, and CI; do NOT hand over broad tokens or personal credentials. 3) Prefer running the analysis locally: provide a copy of package.json and lockfile or run the skill inside a sandboxed environment rather than giving networked access to your repo. 4) If you must provide credentials, use least-privilege, short-lived tokens and monitor their use. 5) If the skill will perform source-code analysis to determine 'exports used', ensure you understand whether the agent will upload source code to any external endpoint; if so, do not proceed without explicit guarantees. Because the SKILL.md does not declare the data/credential needs, treat the skill as potentially over-permissive until the author documents required inputs and data flows.
Review Dimensions
- Purpose & Capability
- concernThe skill claims to perform deep analysis (commit history, CI status, export usage, tree-shakeability, license scanning, transitive dependency analysis). Performing those checks normally requires access to the project's package.json/lockfile and source code and/or access to remote APIs (GitHub/GitLab, npm/PyPI) via tokens. The skill declares no required config paths, binaries, or environment credentials, which is inconsistent with the capabilities it describes.
- Instruction Scope
- concernThe SKILL.md is a detailed diagnostic specification but is high-level and does not explicitly constrain where the agent should obtain data. To produce the promised metrics the agent would need to read local files (package.json, package-lock/yarn.lock, source files) and/or call remote services (repo hosting, npm registry, CI). The absence of explicit instructions about data sources or limits gives the agent broad discretion to request or access repository data or external APIs.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files, so there is no installation-time code to fetch or execute. That minimizes disk persistence and installation-time risk.
- Credentials
- concernThe analysis described would commonly require read access to: repository metadata (commit history, PRs, CI status) which often needs a GITHUB/GITLAB token, package registry metadata (npm/PyPI), and local files (package.json, lockfiles, and source). The skill declares no required env vars or config paths, so required credentials/paths are not made explicit — this is disproportionate and obscures what secrets or file access the agent will need.
- Persistence & Privilege
- okThe skill does not request permanent presence (always: false) and does not declare any self-modifying or cross-skill configuration behavior. Autonomous invocation is allowed by default but is not by itself a new privilege here.