Skill v0.0.1

ClawScan security

Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 3:10 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description and runtime instructions expect a local Python drawing script and card files, but none of those files or an install step are included — this mismatch makes the skill incoherent and requires you to verify missing artifacts before using it.
Guidance
This skill is incoherent as-published: SKILL.md expects a local Python script and card/reference files that are not included. Before installing or enabling it, do the following: (1) ask the publisher for the missing files (scripts, cards, INTERPRETATION_GUIDE.md) or point the skill to a verified repository; (2) inspect the draw_cards.py source to confirm it only uses os.urandom and local file reads and does not perform network calls, file writes outside its directory, or data exfiltration; (3) verify what {baseDir} will be in your agent runtime so the skill cannot read sensitive system files; (4) if you must fetch the code from the referenced GitHub link, review the exact commit and run it in an isolated environment first; (5) avoid using this skill for safety-critical or privileged decisions and limit autonomous invocation until you confirm the implementation. If the author provides the missing artifacts and they are simple (only os.urandom, Fisher–Yates, reading included markdown files), the skill can be benign; until then treat it as suspicious.

Review Dimensions

Purpose & Capability (concern)
The SKILL.md describes running a Python script that performs cryptographic draws and reading card markdown files under {baseDir}/ (cards, references, scripts). However, the published package contains only SKILL.md and no script, no card files, and no install spec. The instructions also reference python3 but the skill does not declare it as a required binary. That mismatch means the skill as published cannot perform its claimed function without additional external files.
Instruction Scope (concern)
Runtime instructions tell the agent to execute python3 {baseDir}/scripts/draw_cards.py and to read files under {baseDir}/cards/ and {baseDir}/references/. Those actions involve running a script and reading local files that are not included in the bundle; the SKILL.md gives no guidance about where {baseDir} comes from. This creates ambiguity: the agent may fail to run, or an operator might supply or fetch arbitrary code to fulfill the instructions. The guidance about mapping card meanings to technical decisions is high-level but could lead to nondeterministic decision-making if used without safeguards.
Install Mechanism (note)
There is no install spec (instruction-only), which is low-risk in itself. However, because required runtime artifacts (script and card files) are missing, a user or integrator might attempt to obtain these from the referenced GitHub path or another source. The SKILL.md links a GitHub path; the absence of bundled code means you should verify the remote source and the exact script contents before running anything fetched from the network.
Credentials (note)
The skill requests no environment variables and no credentials, which is proportionate. That said, the instructions read files under {baseDir}/ and execute python3, so you should confirm what {baseDir} will point to in your environment; if it's not restricted to the skill's own directory it could lead to reading unintended local files. The SKILL.md does not declare python3 as a required binary despite invoking it.
Persistence & Privilege (ok)
'always' is false and the skill is not forcing persistent inclusion or elevated privileges. There is no indication it modifies other skills or system-wide settings.