Skill v1.0.0
ClawScan security
Tidal Lock · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 8:02 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (detecting cross-component coupling) matches its methodology, but the SKILL.md is vague about what access or tools it needs — it implies reading git history, configs, deployment/monitoring data and possibly environment variables or cloud artifacts without declaring any required binaries or credentials.
- Guidance: This skill conceptually fits architecture analysis, but before installing:
  1. Ask the author (or review the full SKILL.md) to list exact runtime actions and the minimal required access (e.g., read-only git, path to repo, whether it will call monitoring APIs) and to declare any required binaries.
  2. Never grant broad cloud or production monitoring credentials; provide scoped, read-only tokens (or a copy of the repository) for an initial run.
  3. Consider running the skill on a sanitized/replicated repository or non-production environment first.
  4. Require the skill to declare any external endpoints it will contact and to limit reading of environment variables to those explicitly needed.
  5. If you need stronger assurance, request that the author publish the analysis scripts (so you can inspect the exact commands) rather than using an instruction-only skill that may exercise broad filesystem and network access.
Review Dimensions
- Purpose & Capability (note): The name and description align with the content: the skill is an architecture/coupling analysis that needs to map imports, co-changes, shared state, deploy ordering and failure correlations. That capability reasonably explains many of the analysis steps described. However, the skill declares no required binaries, environment variables, or install steps even though the methodology implies the need for git access, code parsing tools, and access to deployment/monitoring systems.
- Instruction Scope (concern): The SKILL.md instructs the agent to 'map explicit dependencies (imports, API calls, DB access)', 'map implicit dependencies (shared configs, env vars, timing)', 'git co-change analysis', and 'map failure correlation'. Those steps can require reading repository files, git history, configuration files, environment variables, CI/CD/deployment metadata, and monitoring/logs. The instructions are high-level and do not constrain what the agent may read or query, which gives the agent broad discretion to access many codebase artifacts and possibly sensitive runtime/configuration data.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is written to disk during install. That reduces supply-chain risk. However, because there is no bundled tooling, the agent will rely on the runtime environment's tools (git, shell, language parsers), which are not declared.
- Credentials (concern): The requires.env field and the primary credential are empty, yet the methodology explicitly references env vars, DB access, deployment dependencies, and failure correlation (which often require monitoring/observability credentials or cloud credentials). The skill does not justify or request the minimal, scoped credentials (for example: read-only git access, read-only monitoring API keys). This omission makes it unclear what secrets or external services the agent will try to access to perform the analysis.
- Persistence & Privilege (ok): The always field is false, and the skill does not request persistent installation or modification of other skills. Model invocation is enabled (the platform default), which is expected for a runtime analysis skill; this by itself is not an elevated privilege. No other persistent privileges are requested.
