Skillv1.3.0

ClawScan security

MYR · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 31, 2026, 4:28 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions are coherent with its stated purpose, but the recommended one-step install (curl | bash), npm install, and instructions to run a persistent, network-exposed peer-sync server with unauthenticated discovery/announce endpoints create noteworthy security and exposure risks that you should review before installing.
Guidance: This skill appears to do what it says, but it carries real operational risk. Before installing: (1) do NOT run the one-line curl | bash without review—download the install script and inspect it first; (2) prefer cloning the repository and auditing the code (especially install.sh and server/index.js) before npm install; (3) run initial tests in an isolated VM or container, not on a production host; (4) avoid exposing the node_url to the public internet—use Tailscale/VPN and firewall rules, and restrict inbound ports; (5) review how keys and config.json are stored and back up secrets securely; (6) require authenticated peer pairing where possible and be cautious about accepting peer announces—unauthenticated discovery can leak metadata; (7) request signed releases or checksums from the author if you need to deploy widely. If you cannot review the code or run it in isolation, consider treating this as untrusted software.

Review Dimensions

Purpose & Capability: okThe name/description (capture, verify, search, export/import, synthesize MYRs) matches the SKILL.md. All runtime instructions (key generation, signing, export/import, search, verification, server for peer sync) are consistent with an intelligence-compounding P2P node.
Instruction Scope: concernThe SKILL.md instructs the agent/operator to run networked services, generate persistent keys/config, run multiple node scripts, and open services for peer sync. It recommends setting MYR_HOME, running npm scripts, starting an HTTP server, and creating a launchd plist for persistence. The server exposes discovery and announce endpoints with no auth and supports automatic peer sync—this broad network behavior increases risk of data leakage or unwanted connectivity. The instructions do not ask for unrelated system files or external credentials, but they do direct persistent, network-exposing actions that go beyond a purely local helper.
Install Mechanism: concernThe recommended 'one-step' install uses piping a raw GitHub-hosted install.sh to bash (curl -fsSL https://raw.githubusercontent.com/... | bash), which executes remote code without local review. The manual install path uses git clone + npm install (which will pull third-party npm packages). No checksums, signatures, or pinned release artifacts are provided. These practices elevate risk compared to a reviewed package or signed release.
Credentials: okThe skill does not request external environment variables or credentials in metadata. It does instruct creation of local keys and writing node_uuid/node_id to config.json and recommends setting MYR_HOME. Those local artifacts are proportional to a P2P node, but storing keys/config on disk and advertising node_url publicly are sensitive and should be handled carefully.
Persistence & Privilege: concernThe documentation explicitly instructs creating a persistent service (macOS launchd example) and running a long-lived HTTP server that peers can reach. While the skill is not force-installed (always:false), installing it as described creates persistent network-facing behavior which increases attack surface and exposure if the software or its dependencies are compromised.