Skill v1.1.0

ClawScan security

Surge Download Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 11:11 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior matches a download-manager wrapper, but small inconsistencies (registry metadata vs. SKILL.md) and the fact that it invokes an external 'surge' binary without an install spec mean you should verify the upstream binary and repository before installing.
Guidance
This skill appears to be a thin wrapper around a local 'surge' download manager and is generally coherent with that purpose, but there are small metadata inconsistencies (missing required-bins in registry metadata vs. SKILL.md) and no install spec is provided, so the wrapper will call whatever 'surge' binary is on PATH. Before installing or running this skill:
(1) Verify the upstream project/release you plan to install (prefer official GitHub releases or your OS package manager).
(2) Avoid running an untrusted 'surge' binary; inspect it or build it from source if possible.
(3) Be aware that the wrapper launches the surge binary with user-provided URLs/args (no extra sanitization), so run it with least privilege and avoid running as root.
(4) Confirm that the SKILL.md homepage and registry info match the repository you download from.
If you want higher assurance, request an install spec that pins a vetted package or includes a checksum for the binary.

Review Dimensions

Purpose & Capability
note
The name, description, SKILL.md and scripts/surge.py all describe a wrapper for the 'surge' download manager, and the advertised features (TUI, server mode, add/list/pause/resume) align with the code and instructions. However, registry metadata earlier listed no required binaries, while SKILL.md metadata explicitly names the 'surge' binary and gives a GitHub homepage; this mismatch is inconsistent and worth verifying.
Instruction Scope
ok
SKILL.md's runtime instructions stay on-task: how to install the surge binary, running server/TUI, adding URLs, and using tokens. The included wrapper script only runs the local 'surge' command, lists status, and starts the server. There are no instructions to read unrelated files, export environment secrets, or call external endpoints beyond the normal download flow.
Install Mechanism
note
There is no formal install spec in the registry (instruction-only), but SKILL.md recommends installing via brew, go install, or downloading a release from GitHub. That is reasonable, but because the skill will invoke a local 'surge' binary, you should confirm the binary's provenance (the SKILL.md points to a GitHub URL while the top metadata declared no homepage: another minor inconsistency).
Credentials
ok
The skill doesn't request any environment variables, credentials, or config paths. The wrapper script doesn't read env vars or secrets. The only token mentioned is the surge application's API token (returned/managed by the surge binary itself), which is expected for a server-mode download manager.
Persistence & Privilege
ok
The skill does not request 'always: true' or any elevated, persistent platform privileges. It starts subprocesses (surge server) as a normal user operation and does not modify other skills or system-wide agent configuration.