Security Checker
Pass
Audited by ClawScan on May 10, 2026.
Overview
The provided artifacts look like a benign local Python security scanner, with normal cautions around scanning only intended folders and not treating scan success as automatic permission to publish.
This skill appears safe to use as a local static checker. Point it only at the skill files you mean to scan, manually review any warnings, and do not let the example publishing commands run unless you explicitly intend to publish.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a large or sensitive directory, it will read local Python files and print file names and warnings, although it does not print detected secret values or upload data.
The scanner recursively reads Python files from a user-supplied path. This is necessary for its purpose, but a broad path could cause it to inspect more local code than intended.
target = Path(sys.argv[1])
...
elif target.is_dir():
    all_issues = scan_directory(target)
...
for py_file in directory.rglob('*.py'):
Run it only on the specific skill directory or files you intend to review.
If copied or followed blindly, a passing scan could be treated as approval to publish before final human review.
The documentation includes a publishing command as part of a pre-publish workflow. It is disclosed and related to the stated use case, but publishing is a public, high-impact action.
# 4. Only publish if scan passes
clawhub publish /path/to/skill --slug my-skill ...
Treat scan results as advisory and require explicit user approval before running any publish command.
