Skill v0.2.1
ClawScan security
HashiCorp Vault · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 4:22 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it wraps the Vault CLI, requires the 'vault' binary (installable via brew, apt or the official HashiCorp releases), and its scripts and documentation match that purpose.
- Guidance: This skill appears to be a straightforward Vault CLI helper. Before installing: (1) install the 'vault' CLI only from a trusted source (brew, apt or releases.hashicorp.com) and, for a manual download, verify the archive against the published checksums before unpacking it; (2) be aware the scripts read VAULT_ADDR and VAULT_TOKEN and, if VAULT_TOKEN is not set, load a token from ~/.vault-token, so keep that file readable only by your user (mode 0600); (3) the scripts execute the local 'vault' binary with whatever subcommand they are asked for, reads and writes alike, so do not ask the skill to perform writes, deletes or policy changes unless you explicitly intend them; (4) review the included scripts (they are short and readable) if you want to confirm there is no unexpected network or exfiltration behavior. The skill is coherent with its stated purpose.
Review Dimensions
- Purpose & Capability (ok): Name and description match the implementation. The skill requires the 'vault' CLI and provides simple wrapper scripts and documentation for common Vault operations. No unrelated binaries, services, or credentials are requested.
- Instruction Scope (note): SKILL.md and the scripts instruct the agent to use VAULT_ADDR and VAULT_TOKEN and to read a local token file (~/.vault-token) when VAULT_TOKEN is not set. This behavior is coherent for a Vault CLI helper, but the registry metadata does not list VAULT_ADDR or VAULT_TOKEN as required environment variables. Users should be aware that the skill reads both at runtime and exits if no token is found.
- Install Mechanism (ok): Install options are brew, apt, or manual download from releases.hashicorp.com, all expected channels for the official Vault CLI. There are no downloads from unexpected hosts and no extraction of arbitrary archives.
- Credentials (note): The skill does not declare required environment variables in the registry metadata, but it legitimately reads VAULT_ADDR and VAULT_TOKEN and loads a token from ~/.vault-token when VAULT_TOKEN is unset. The requested environment access is minimal and proportionate, but users should keep the token file protected (readable only by their user) and understand that the skill exports VAULT_TOKEN into its environment when running its scripts.
- Persistence & Privilege (ok): The 'always' flag is false and the skill is user-invocable; it does not request persistent or elevated platform privileges and does not modify other skills or system-wide agent settings.
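The pre-install checks the Guidance above and the Credentials note both call for (verify a manual download, protect ~/.vault-token, keep the helper to read-only Vault calls unless writes are intended, read the scripts for network or encoder primitives) as one runnable POSIX sh script. This is an added example written for this page; it is not the skill's own scripts and not HashiCorp code. The function names, the read-only allow-list, the list of flagged tools and every file name used in the test are assumptions. The token handling mirrors the scan's description of the skill's fallback (VAULT_TOKEN first, then ~/.vault-token) and tightens it by refusing a symlink or a file that group or other can read.

```shell
#!/bin/sh
# Added example for this page (not the ClawHub skill's scripts, not HashiCorp
# code). Pre-install checks for a Vault CLI helper skill, one per guidance
# point. Needs only POSIX sh plus stat, grep and sha256sum (or shasum).

# (1) Manual install: verify the release zip against the SHA256SUMS file
# published next to it on releases.hashicorp.com before unzipping.
# Returns 0 when the digest matches, 1 otherwise.
verify_release_zip() {
  zip="$1"; sums="$2"; name=$(basename "$zip")
  want=$(grep -E "[[:space:]]\*?${name}\$" "$sums" | head -n 1 | cut -d' ' -f1)
  if [ -z "$want" ]; then echo "$name not listed in $sums" >&2; return 1; fi
  have=$(sha256sum "$zip" 2>/dev/null || shasum -a 256 "$zip")
  if [ "${have%% *}" = "$want" ]; then return 0; fi
  echo "digest mismatch for $zip" >&2; return 1
}

# (2) Token resolution as the scan describes it (VAULT_TOKEN, else a token
# file, default ~/.vault-token), but refuse a symlink or a file that group
# or other can read. Prints the token; returns 1 when none is usable.
resolve_vault_token() {
  file="${1:-$HOME/.vault-token}"
  if [ -n "$VAULT_TOKEN" ]; then printf '%s\n' "$VAULT_TOKEN"; return 0; fi
  if [ -L "$file" ]; then echo "refusing symlinked token file $file" >&2; return 1; fi
  if [ ! -f "$file" ]; then echo "VAULT_TOKEN unset and $file missing" >&2; return 1; fi
  perm=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$perm" in
    600|400) ;;
    *) echo "token file $file is mode $perm, want 0600" >&2; return 1 ;;
  esac
  tok=$(head -n 1 "$file" | tr -d '[:space:]')
  if [ -z "$tok" ]; then echo "token file $file is empty" >&2; return 1; fi
  printf '%s\n' "$tok"
}

# (3) The helper runs whatever 'vault' subcommand it is given. Permit only
# read-only subcommands by default; writes, deletes and policy changes need
# VAULT_ALLOW_WRITES=1 as an explicit opt-in. Usage: vault_cmd_allowed kv get
vault_cmd_allowed() {
  case "$1" in
    status|read|list|version) return 0 ;;
    kv)     case "$2" in get|list) return 0 ;; esac ;;
    token)  case "$2" in lookup) return 0 ;; esac ;;
    policy) case "$2" in read|list) return 0 ;; esac ;;
    secrets|auth) case "$2" in list) return 0 ;; esac ;;
  esac
  if [ "${VAULT_ALLOW_WRITES:-0}" = "1" ]; then return 0; fi
  echo "blocked: vault $* (set VAULT_ALLOW_WRITES=1 to permit writes)" >&2
  return 1
}

# (4) Read the skill's own files: flag any line that could move data
# somewhere other than through 'vault' (network clients, scripting runtimes,
# encoders, bash's /dev/tcp). Comment lines are ignored. Prints
# file:line:text per hit; returns 0 when clean, 1 when anything was flagged.
audit_skill_scripts() {
  tools='curl|wget|nc|ncat|socat|ssh|scp|python[23]?|perl|base64|openssl'
  pat="(^|[^[:alnum:]_])(${tools})([^[:alnum:]_]|\$)|/dev/(tcp|udp)/"
  hits=$(grep -rEnI "$pat" "$1" 2>/dev/null \
         | grep -vE '^[^:]*:[0-9]+:[[:space:]]*#') || true
  if [ -z "$hits" ]; then return 0; fi
  printf '%s\n' "$hits"
  return 1
}

# Run (2) and (4) against a skill directory: sh vault_skill_precheck.sh ./skill
main() {
  audit_skill_scripts "$1" && echo "scripts: no network or encoder primitives"
  resolve_vault_token >/dev/null && echo "token: usable source found"
}
if [ $# -gt 0 ]; then main "$1"; fi
```

The checksum step covers only the manual-download path; HashiCorp also publishes a detached GPG signature for the SHA256SUMS file, which this example does not verify. The allow-list in (3) is deliberately short: anything not listed, including 'vault login' and 'vault kv put', is refused until VAULT_ALLOW_WRITES=1 is set, which is the explicit opt-in the guidance asks for.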
