Skill v0.1.3
ClawScan security
Yggdrasil · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 1:09 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and install steps are consistent with diagnosing and installing Yggdrasil; no unrelated credentials or surprising persistence are requested, but there are some operational cautions (package install, apt repo usage) you should review before installing.
- Guidance: This skill appears to do what it says: help install and diagnose Yggdrasil. Before installing: (1) review the Node package @resciencelab/declaw (its npm page or GitHub) to ensure you trust it, since the skill's runtime behavior depends on that package; (2) when running install commands, avoid blindly piping remote content into sudo — download and inspect GPG keys and package sources first; (3) note the apt repo in the instructions uses HTTP — prefer HTTPS or verify package signatures to avoid MITM risk; (4) the skill requires elevated privileges to create network interfaces (CAP_NET_ADMIN/root) — apply least privilege and run these steps on machines you control. If you want higher assurance, provide the package name and version so you or a reviewer can audit its code before installing.
- Findings:
  - [no_regex_findings] (expected): Scanner found no code to analyze because this is an instruction-only skill (SKILL.md + references). That is expected, but it means the npm package (@resciencelab/declaw) and any code it installs were not inspected.
Review Dimensions
- Purpose & Capability (ok): The name/description (diagnose Yggdrasil, help install/start daemon) matches the SKILL.md and references/install.md content. The Node install spec (@resciencelab/declaw) plausibly provides the gateway plugin the instructions expect; no unrelated services or credentials are requested.
- Instruction Scope (note): Instructions legitimately cover checking for the yggdrasil binary, installing it, setting network capabilities (setcap/CAP_NET_ADMIN or running as root), and restarting the gateway. They ask the agent/operator to run system-level commands and to add apt repos. This is expected for a network/daemon helper, but the guidance includes piping a downloaded GPG key into sudo apt-key add and adding an HTTP apt repo — both are operationally sensitive and should be executed only after verifying source integrity.
- Install Mechanism (note): Install uses a Node package (@resciencelab/declaw) — a reasonable, traceable registry artifact — plus standard platform package commands and GitHub releases for manual installs. This is moderate risk (installing third-party packages). The apt repo URL in the instructions is served over HTTP (not HTTPS), which could be subject to MITM if used; the curl|sudo apt-key add pattern is also high-privilege and should be treated cautiously.
- Credentials (ok): The skill requests no environment variables, secrets, or config paths. The elevated privileges it references (CAP_NET_ADMIN, running installers with sudo) are required by Yggdrasil to create TUN interfaces and are proportional to the stated purpose.
- Persistence & Privilege (ok): always:false and normal model-invocation settings. The SKILL.md says the plugin/gateway will detect and start the daemon — expected behavior for a plugin managing a network daemon. There is no request to modify other skills or system-wide agent configs beyond starting the daemon.
