Skillv1.0.1

ClawScan security

Mac Clamshell Mode · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 6, 2026, 4:46 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions are consistent with a Mac clamshell-mode configurator: it detects model/version and runs local pmset/caffeinate commands (requires sudo) with explicit prompts and rollback guidance.
Guidance: This skill appears to do what it claims: it runs local macOS commands (pmset, caffeinate), detects model/version, and prompts you before making changes. Before installing/running: 1) Review the configure-clamshell.sh script and understand the pmset changes it will make (disablesleep, autopoweroff, sleep/display settings). 2) Expect to be prompted for sudo; only run if you trust the source and you have administrator access. 3) Use check-compatibility.sh first to confirm your device is a MacBook and macOS version is supported. 4) Back up or note current pmset settings (pmset -g) before applying changes so you can restore them manually if needed. 5) Note the small inconsistency: test-skill.sh invokes --dry-run but configure-clamshell.sh does not implement that option — the test may fail. If you rely on battery-powered use, be aware forced headless mode increases battery drain; connect power when recommended.

Review Dimensions

Purpose & Capability: okThe name/description match the scripts: check-compatibility.sh inspects model/version, configure-clamshell.sh modifies macOS power settings (pmset) or recommends caffeinate/Amphetamine. All required actions (changing pmset, using caffeinate) are appropriate for the stated purpose.
Instruction Scope: noteSKILL.md describes interactive modes and safe rollback, and the scripts require explicit user confirmation before applying changes. Minor inconsistency: test-skill.sh calls './configure-clamshell.sh --dry-run' but configure-clamshell.sh does not implement a --dry-run option — this may cause the test script to fail. Otherwise instructions remain local and do not attempt to read unrelated system secrets or call external endpoints.
Install Mechanism: okNo install spec or remote downloads are present; the skill is delivered as local scripts packaged with the skill. No network fetches or archive extraction are performed during install.
Credentials: okThe skill requests no environment variables or external credentials. It does require elevated privileges at runtime (uses sudo), which is expected for modifying system pmset settings.
Persistence & Privilege: noteThe skill does not request permanent presence (always:false) nor modify other skills. It does perform privileged system configuration (sudo pmset) and will change system power behavior while active; these privileges are proportional to the task but require user attention because they affect device power/battery behavior.