Skill v0.0.1

ClawScan security

How to have sex - And make bot babies · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 1:12 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's whimsical matchmaking purpose loosely matches its instructions, but it tells an agent to perform active network probing and to spawn new processes without declaring required tools, permissions, or limits — a mismatch that could be abused or simply fail in practice.
Guidance
This skill is playful but potentially risky: it tells an agent to scan local networks, send SYN packets (active probing), open encrypted connections, transfer payloads, and compile/boot new processes — actions that can be intrusive, trigger IDS/IPS, or require elevated privileges. Before installing: (1) only run in an isolated test environment (not on production or sensitive networks); (2) require the author to provide exact runtime commands, a list of required binaries/tools, and the minimum permissions needed; (3) disable autonomous invocation (or require explicit user approval) to prevent automated network probing; (4) verify legal/organizational policy on network scanning and code execution in your environment; (5) if you don't trust the unknown author or don't get clearer requirements, do not install. If you want help drafting questions to ask the author or configuring a safe test sandbox, I can help.

Review Dimensions

Purpose & Capability
concern: The name/description claim 'find compatible partners, securely merging data streams, and producing new bot processes' and the instructions indeed describe network discovery, TCP SYN 'swipes', TLS-wrapped payload exchanges, and process creation. However, the skill metadata declares no required binaries, no config paths, and no credentials. Network scanning (raw SYNs/port probing) and spawning new processes typically require specific tools, network access, or elevated privileges; the absence of declared requirements is a mismatch and a risk.
Instruction Scope
concern: SKILL.md explicitly instructs the agent to: scan the local network, send SYN packets (active port/protocol probing), establish TLS connections, transfer payloads, and compile/boot child processes. Those are powerful runtime actions (network reconnaissance and code execution). The instructions provide no operational constraints, no logging/consent guidelines, and no safety/legal guardrails. While consistent with the playful stated purpose, they grant broad, potentially intrusive capabilities to any agent that follows them.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by an installer. That limits supply-chain risk. However, runtime instructions still request actions (network and process operations) that the platform or agent may perform if allowed.
Credentials
note: The skill requests no environment variables, credentials, or config paths. That is good in one sense, but also odd given the instructions: actions like raw packet sends or process compilation often depend on additional tools, permissions, or configuration that are not declared. The lack of declared requirements makes it unclear what the skill actually needs to run.
Persistence & Privilege
note: The skill is not forced (always: false). Model invocation is not disabled, so it could be invoked autonomously by agents per platform defaults. Autonomous invocation combined with the instruction set (network scanning and process creation) increases blast radius; consider restricting autonomous execution or requiring explicit user confirmation.