Skill v1.0.0

ClawScan security

Architecture Governance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 6, 2026, 11:14 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description, templates and script are coherent for an architecture-governance tool, but the package claims no credentials/config while its examples and metric-collection snippets clearly expect access to internal services (SonarQube, Consul/Service Registry, Jaeger, Jenkins, Snyk, incident systems), creating a mismatch you should investigate before installing.
Guidance
This package looks like a legitimate architecture-governance tool, but it expects to collect data from internal systems (SonarQube, service registry, tracing, CI, incident systems, Snyk). Before installing or running it:
1) Confirm where the script will run (CI runner, admin host, developer laptop) and that running it there has appropriate network access;
2) Ask the author/maintainer which endpoints and credentials are required and how to supply them (env vars, config file), and prefer short-lived, least-privilege tokens;
3) Review and test scripts in an isolated environment (no access to org-wide secrets) to see what network calls they make;
4) Verify that collected metrics and generated reports remain within your org and are not posted to external/public endpoints;
5) If you will run it in production, require code review of the scripts and add logging/auditing for credential use.
If the maintainer cannot explain where credentials/configs belong, treat the omission as a red flag and avoid running with sensitive credentials.

Review Dimensions

Purpose & Capability
note: The name, SKILL.md, templates and the health-check script all align with an architecture governance tool: collecting metrics, scoring dimensions, and producing reports. The included references and example scripts show intended integrations with SonarQube, service registries, tracing (Jaeger), CI systems (Jenkins/GitLab), Snyk and an incident system, which is expected for the stated purpose. However, the skill declares no required env vars, endpoints or config paths even though real integration will require service endpoints and likely credentials (tokens). This omission is disproportionate to the claimed automated collection capability.
Instruction Scope
note: SKILL.md instructs the agent/user to 'collect/receive metrics' (采集/接收指标) and to run scripts/health-check.py to collect metrics and generate reports. The instructions do not direct reading unrelated user files or exfiltration, and they stay within architecture-governance scope. But the runtime instructions and example collection snippets refer to contacting internal APIs (curl to SonarQube, HTTP calls to consul/jaeger/jenkins/incident-system, running snyk), which implies network access to internal services and possibly credentials, none of which are declared. There is no instruction about where collected data will be sent or how credentials are used/stored.
Install Mechanism
ok: There is no install spec (instruction-only + a small Python script). That is low-risk from an installer perspective: nothing is downloaded or installed by the registry itself. The only executable is scripts/health-check.py included in the bundle.
Credentials
concern: The skill requests no environment variables or credentials in metadata, but its examples and metrics collection snippets clearly assume access to internal services (SonarQube API, Consul, Jaeger, Jenkins, incident-system, Snyk). Legitimately, those integrations require endpoints and tokens. The absence of declared required env vars or guidance for secure credential handling is a mismatch and a concern: it's unclear what secrets will be needed, where they are expected to be provided, and how they are protected.
Persistence & Privilege
ok: always:false and no indication the skill modifies other skills or system-wide settings. It does not request persistent privileges beyond normal script execution. Autonomous invocation is allowed (platform default) but there are no elevated persistence flags.