Skill v1.0.0
ClawScan security
Discrawl Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 28, 2026, 4:40 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is coherent with its stated purpose (searching a local Discrawl SQLite DB) but has a few manifest/instruction omissions and a small implementation risk (unsanitized shell SQL) you should review before use.
- Guidance: This skill appears to do what it says: query a local Discrawl SQLite database. Before installing or enabling it, confirm the following:
  1. The agent environment actually has the 'discrawl' CLI and the database at ~/.discrawl/discrawl.db (the manifest did not declare these).
  2. Understand the privacy implications: the skill can read all stored Discord messages (raw_json, attachments metadata, etc.). Only enable it if you trust the agent and the environment.
  3. The provided script interpolates user input directly into SQL executed via the shell; if you or the agent supply untrusted input, this can break queries or be abused. If you plan to use this skill with external inputs, sanitize/parameterize queries or restrict it to read-only, pre-built queries.
  4. If you need stronger guarantees, ask the author to declare the discrawl binary and config path in the manifest, add input sanitization or parameterized SQL, and include an install/check step that validates the DB path and permissions.
  If you are unsure, test the script locally on a copy of the DB first or run it in a restricted/sandboxed environment.
Review Dimensions
- Purpose & Capability (note): The skill's name, description, SKILL.md, and included scripts all consistently target searching a local Discrawl SQLite database (~/.discrawl/discrawl.db). However, the runtime assumes the 'discrawl' CLI is available and that the local DB exists, yet the manifest declares no required binaries or config paths, a minor inconsistency in declarations (the skill does need access to the local DB and a discrawl binary to function).
- Instruction Scope (concern): SKILL.md and scripts instruct the agent to read/query the local Discrawl database (message contents, raw_json, members, channels). The script and examples also allow/encourage raw SQL queries, and the provided search_history.sh directly interpolates the user-supplied query and channel into SQL strings executed via the discrawl CLI. This creates two concerns: (1) the manifest does not declare the config path (~/.discrawl/discrawl.db) even though the skill reads it, and (2) the script is vulnerable to SQL-injection or shell-escaping issues if untrusted input is used. There are no instructions to send data to external endpoints.
- Install Mechanism (ok): There is no install spec (instruction-only), so nothing will be downloaded or written during install. The included script expects the 'discrawl' CLI to be present; the absence of an install instruction is reasonable, but the manifest should have declared the dependency.
- Credentials (note): The skill requests no environment variables or credentials, which is proportionate. However, it does access sensitive local data (Discord messages and raw_json in ~/.discrawl/discrawl.db). That access is consistent with the purpose but represents a privacy-sensitive capability the user should be aware of.
- Persistence & Privilege (ok): The skill is not marked always:true and doesn't request elevated platform privileges or modification of other skills. It is user-invocable and can be invoked autonomously per platform default; that is expected for skills of this kind.
