Back to skill
Skillv1.0.0
ClawScan security
Rdk X5 System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 6:39 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only system-management skill whose requested binaries and commands align with its stated purpose; it performs privileged, potentially destructive operations (firmware update, partition resize, etc.), so exercise caution before allowing automated execution.
- Guidance
- This skill is coherent for RDK X5 system management, but it contains high-impact operations (firmware updates, partition resizing, editing boot config, running sudo). Only use it if you trust the skill source and you have physical access or recovery media in case of failure. Prefer running the documented commands manually yourself (or requiring explicit user confirmation) rather than allowing autonomous execution. Verify the presence and expected behavior of binaries like rdk-backup and rdk-miniboot-update on a test device, and ensure you have backups before performing OTA or miniboot updates.
Review Dimensions
- Purpose & Capability
- okThe name/description describe RDK X5 system management and the SKILL.md only references system-management binaries, files, and commands (apt, rdk-backup, rdk-miniboot-update, /boot/config.txt, /sys, systemd, resize2fs). The required binaries (apt, rdk-backup) are appropriate for the stated tasks.
- Instruction Scope
- noteInstructions stay within system-management scope (viewing hardware, backups, OTA upgrades, firmware update, CPU governor toggles, kernel switching, systemd services, resizing storage). However the steps include privileged, destructive actions (firmware miniboot update, partition growth/resizing, editing boot config) that can brick devices or require physical recovery; the SKILL.md legitimately needs these commands but they are high-impact and require user caution.
- Install Mechanism
- okNo install spec or bundled code — instruction-only skill; nothing is written to disk by the skill itself. This is the lowest risk install mechanism.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The SKILL.md does access system files and device paths that are appropriate for system administration (e.g., /sys, /proc, /boot).
- Persistence & Privilege
- okalways:false and default autonomous invocation are set. The skill does not request permanent platform-wide privilege nor modify other skills' configs. Note that allowing autonomous invocation could let an agent execute high-privilege commands without interactive user confirmation.