Skill v0.1.0
ClawScan security
Baserow CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 10:44 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper describing how to use the baserow CLI and its required env vars; its requirements and instructions are consistent with that purpose.
- Guidance: This skill is coherent with its stated purpose, but before installing: (1) ensure the baserow CLI you install comes from a trusted source (pip package or your distro) to avoid installing malicious binaries; (2) treat BASEROW_TOKEN as a sensitive credential—limit its scope and rotate it if possible, and avoid pasting it into public places; (3) be cautious with destructive commands (delete/batch-delete) — confirm before running them; (4) the CLI may store credentials in ~/.config/baserow-cli/config.toml, so protect that file; (5) though the skill is benign in scope, granting the agent autonomous invocation means it could run the baserow commands if triggered—if you want to prevent automatic runs, disable autonomous invocation in agent settings.
Review Dimensions
- Purpose & Capability: ok. Name/description (Baserow CLI) match the declared requirements: the baserow binary and BASEROW_TOKEN/BASEROW_URL are exactly what a Baserow CLI client needs.
- Instruction Scope: ok. SKILL.md contains only CLI usage, examples, and a config path (~/.config/baserow-cli/config.toml). It does not instruct reading unrelated system files, collecting unrelated secrets, or sending data to external endpoints beyond the Baserow server.
- Install Mechanism: ok. No install spec is provided (instruction-only). Setup notes reference installing a standard package (pip or a tool manager) — no downloads from untrusted URLs or archive extraction are specified.
- Credentials: ok. Required env vars (BASEROW_TOKEN, BASEROW_URL) are appropriate and expected for authenticating to Baserow. No unrelated credentials or excessive env access are requested.
- Persistence & Privilege: ok. "always" is false and the skill is user-invocable. It does not request persistent system-wide privileges or modification of other skills' configs.
