Skillv0.1.4

ClawScan security

BRICKS CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 17, 2026, 7:03 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions generally match a BRICKS CLI use-case, but they include steps that create persistent local access and allow headless/auto-approved command execution and LAN device bridging — behaviors that materially expand privilege and should be treated with caution.
Guidance: This skill appears to be what it claims (a BRICKS CLI) but contains several risky operational steps. Before installing or following the rules: - Verify the npm packages (@fugood/bricks-cli and acpx): check the publisher, star history, source repository, and inspect the package code if possible. No homepage is provided in the skill metadata — that increases risk. - Avoid using acpx --approve-all or any auto-approve flag. Auto-approve allows headless execution of arbitrary bash commands in your project directory. - Do not persistently write ~/.acpx/config.json on shared machines unless you understand and accept the risk; persistent config lets any process using acpx start sessions that access your project files. - Keep ACP disabled in BRICKS Project Desktop except when actively bridging; remove persistent config when done. Rotate passcodes/tokens used for device access. - Run installs and initial tests in an isolated environment (VM/container) or on a non-production machine before trusting them on your workstation or network. - Restrict LAN scans to trusted networks and confirm device workspace IDs to avoid interacting with devices from other workspaces. If you need stronger assurance, request the upstream package source or a link to the project's repo and review its code, or prefer a CLI distributed from a known, verifiable homepage or GitHub org.

Review Dimensions

Purpose & Capability: noteThe name/description (BRICKS CLI for device/app/module/media/project management) aligns with the runtime instructions. The skill explicitly covers both cloud API operations and local LAN/device interactions (discovery, MCP/CDP bridging, and ACP desktop bridging), which is broader than a simple cloud-only CLI but coherent for a device-management tool.
Instruction Scope: concernSKILL.md instructs the user to scan the LAN for devices, bind devices, bridge to devices via MCP, and to enable and use ACP (Agent Client Protocol) which can run arbitrary bash commands in a project directory. It also documents and normalizes use of acpx --approve-all and writing persistent config (~/.acpx/config.json). Those steps grant local file access and headless command execution that go beyond mere CLI management and can lead to data exposure or arbitrary command execution if misused.
Install Mechanism: noteThere is no packaged install spec in the skill bundle, but SKILL.md instructs installing @fugood/bricks-cli and acpx globally from npmjs.com. Installing global npm packages is expected for a CLI but introduces moderate supply-chain risk (packages published under an unknown owner; skill metadata lacks homepage). No direct downloads or obscure URLs are used in the instructions.
Credentials: noteThe registry metadata declares no required env vars or credentials. Runtime instructions do rely on user-provided passcodes and on saved bricks auth profiles, and they recommend writing ~/.acpx/config.json which grants persistent agent invocation capability. While not requesting unrelated cloud creds, the instructions create persistent local state that could be abused.
Persistence & Privilege: concernThe skill itself is not always-enabled and does not request system-wide privileges, but its recommended workflow includes creating persistent acpx config and enabling ACP in the BRICKS Desktop app, both of which create lasting local access paths (shared sessions, auto-run commands via --approve-all). Those persistence mechanisms increase the blast radius if the installed CLI or acpx agent is compromised or invoked by untrusted processes.