Skill v1.0.0

ClawScan security

Contact Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 1:30 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
Instruction-only contact-management skill whose commands align with its description; minor manifest/README inconsistencies but no signs of credential requests or hidden exfiltration.
Guidance
This skill is an instruction-only contact manager that expects a 'clawhub' CLI to run the shown commands; it does not request secrets or perform unexpected I/O. Before installing or using it: (1) confirm where the 'clawhub' CLI comes from (the README suggests installing via npx) and review that package's code or source; (2) note the small manifest mismatch: _meta.json lists 'curl' as required even though the instructions don't use it — harmless but inconsistent; (3) exporting contacts will write files locally (CSV/VCF/JSON), so avoid exporting sensitive data to untrusted locations; (4) because the skill is instruction-only, the main risk is trusting external tooling (clawhub/npx). If you plan to run the recommended npx install, inspect that package first.

Review Dimensions

Purpose & Capability
note: SKILL.md shows CLI usage (clawhub contact ...) that matches the contact-management purpose. Minor inconsistency: _meta.json lists a required binary 'curl' that is not referenced in the instructions or README and is not necessary for the stated features.
Instruction Scope
ok: Runtime instructions are limited to expected contact operations (add/search/group/export). They do not instruct reading unrelated files, accessing environment secrets, or sending data to external endpoints.
Install Mechanism
note: No install spec (instruction-only), which is low risk. README suggests installing via `npx clawhub@latest install contact-manager`; that implies reliance on an external 'clawhub' package, and you should verify the provenance of that package before running it. No archives or downloads are included in the skill bundle.
Credentials
ok: The skill declares no required environment variables or credentials. The only manifest entry that looks like a requirement is the 'curl' binary in _meta.json; this is disproportionate to the provided instructions (which reference the 'clawhub' CLI instead).
Persistence & Privilege
ok: Skill is not 'always' enabled and does not request elevated or persistent privileges. It is user-invocable and allows autonomous invocation by default (the platform default); there is no evidence it modifies other skills or system-wide settings.