Skillv1.2.0

ClawScan security

1.2.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 7, 2026, 11:01 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The playbook content and templates match the described incident-triage purpose, but metadata and included scripts contain small inconsistencies (missing declared CLI dependencies and a leftover healthcheck string referencing a different skill), which make the package somewhat incoherent and worth caution.
Guidance: This package appears to be a lightweight incident triage playbook, but there are a few inconsistencies you should address before installing or using it: 1) Metadata mismatch — the package 'Name' field is '1.2.0' while SKILL.md identifies the skill as 'incident-triage-playbook'; ask the publisher for provenance or a proper homepage. 2) The runtime instructions call external CLI tools ('triage' and 'workflow') that are not provided or declared; ensure those tools exist in your agent environment or clarify how they are installed. 3) The healthcheck script echoes 'pipiwu-benchmark-alpha-skill' which looks like leftover text from another project — confirm this is not an accidental inclusion or sign of a copied/mispackaged bundle. If you proceed, run the skill in a restricted/sandboxed environment first, verify the origin, and do not grant any credentials or system-wide write access unless you confirm what the external CLIs do and trust their source.

Review Dimensions

Purpose & Capability: noteSKILL.md, templates, and the described runbook-first triage workflow are consistent with the stated purpose. However the package metadata 'Name: 1.2.0' (instead of a human-readable skill name) and the healthcheck script printing 'pipiwu-benchmark-alpha-skill' are misaligned with the incident-triage identity and look like copy/paste or release metadata errors. Also the instructions assume the presence of 'triage' and 'workflow' CLI commands but the skill does not declare required binaries or provide those tools.
Instruction Scope: concernSKILL.md directs the agent to run CLI commands (triage, workflow) and to use local templates — the templates are included so that's fine — but there is no install spec or declared required binaries for those CLI tools. The instructions do not attempt to read unrelated system files or exfiltrate data, but they give the agent discretion to 'Save output artifacts for audit and handoff' which could lead to unspecified persistence unless the agent environment policies restrict it.
Install Mechanism: okThis is instruction-only with no install spec. Included scripts are tiny and only echo strings. No downloads, no archives, and nothing is written to disk by an installer. From an install-mechanism point of view this is low risk.
Credentials: noteThe skill requests no environment variables or credentials, which is proportionate. The only oddity is the healthcheck script printing a different skill name/version, which is inconsistent but not an immediate credential concern.
Persistence & Privilege: okalways:false and user-invocable:true (defaults) — the skill is not force-included and does not request elevated platform privileges. It does not modify other skills or request persistence; templates and small scripts are self-contained.