Skill v0.1.0
ClawScan security
Super Blueauto · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 12:46 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description promises cross-platform local Bluetooth control, but it's an instruction-only skill with no code, install, or declared platform hooks — the required capabilities don't line up with what the skill actually delivers.
- Guidance: This skill reads like a product pitch rather than a runnable skill. Before installing or trusting it, ask the publisher for: (1) source code or a hosted repository/homepage showing how it hooks into platform Bluetooth APIs; (2) platform-specific installers or native helpers (and their install steps) for Windows, macOS, Android, iOS, etc.; (3) a clear list of runtime permissions and exactly what the skill will do with device data; and (4) whether any background service or native binary will be installed. Do not grant broad Bluetooth or system permissions, or install unknown helper binaries, without reviewing their source. If the author cannot provide technical details or code, treat the skill as unproven and avoid giving it access to devices — the current package is inconsistent with its claims.
Review Dimensions
- Purpose & Capability (concern): The skill claims full, cross-platform BLE control (Windows, macOS, Android, iOS, HarmonyOS, Linux, embedded), but there are no code files, no install steps, no required binaries, and no declared native helpers. Controlling Bluetooth devices across those OSes normally requires platform-specific binaries, native apps, entitlements, or background services and explicit user permissions; an instruction-only document cannot realistically provide autonomous local BLE control on every listed OS. This is a capability–requirement mismatch.
- Instruction Scope (concern): SKILL.md is mostly high-level marketing and feature claims. It states the agent will 'access local system Bluetooth APIs' and perform reads/writes, but it gives no concrete runtime instructions (no commands, no library imports, no platform adapters, no file paths). The guidance is vague and grants broad discretion to the agent without boundaries, which is scope-creep: it doesn't constrain what the agent may try to access or how it will obtain the ability to control hardware.
- Install Mechanism (ok): There is no install spec and no code to fetch or execute. That reduces attack surface (nothing is written to disk by the skill itself). However, the lack of any install mechanism is also the reason the skill cannot plausibly implement the advertised cross-platform capabilities on its own.
- Credentials (concern): The skill declares no required environment variables or credentials, yet its claimed functionality would typically require platform permissions, system-level APIs, or helper executables. The absence of any declared permissions, config paths, or helper requirements is inconsistent with the scope of operations (especially iOS/macOS entitlements and Android runtime permissions).
- Persistence & Privilege (ok): The skill is not marked 'always: true' and uses default invocation settings. It doesn't request persistent system presence in its metadata. Because it's instruction-only, it does not appear to install background services or modify other skills, but the SKILL.md does not clarify whether any persistent helper would be required — ask the author before granting ongoing privileges.
