Skill v1.0.0

ClawScan security

Health Auto Log · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Feb 27, 2026, 4:33 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (detect and log health metrics) matches the included code, but the code quietly depends on an undeclared local mcporter binary and a hard-coded user config path (/Users/klcintw/...), which is disproportionate and concerning.
Guidance
This skill's behavior is plausible (auto-detect health metrics and call AX3), but the implementation is sloppy and potentially privacy-sensitive: it hard-codes a specific user's mcporter config path and invokes an external 'mcporter' binary that was not declared. Before installing or using it, ask the author to: (1) explain and remove the hard-coded path (make the config path or mcporter options configurable via env var or parameter), (2) declare 'mcporter' as a required binary and document what its config contains, (3) confirm whether mcporter.json contains secrets and whether those will be used/exposed, and (4) run the script in a safe sandbox to verify it doesn't read unexpected files. Do not install or give this skill access to production health data until these issues are resolved.

Review Dimensions

Purpose & Capability
Rating: concern
The SKILL.md describes recording to AX3 via 'mcporter', but the skill metadata lists no required binaries or config paths. The script actually invokes the external 'mcporter' binary and hard-codes a user-specific config file (/Users/klcintw/clawd/config/mcporter.json). Those dependencies are not declared and are not proportionate to the manifest.
Instruction Scope
Rating: concern
Runtime instructions tell the agent to run the included script, which is fine, but the script will call an external tool and attempt to use a specific local config file. The SKILL.md mentions mcporter but does not disclose the hard-coded config path or the expectation that a local mcporter installation and user config exist. That hidden file access is out-of-band for what a user would expect.
Install Mechanism
Rating: note
There is no install spec (instruction-only + code file), so nothing is written during install. However, the script relies on an external binary ('mcporter') being present on PATH; the skill metadata did not declare this required binary. No network/download install risk is present.
Credentials
Rating: concern
The skill declares no required env vars or config paths, yet the script references a concrete config file path likely to contain credentials for mcporter/AX3. This is disproportionate: the code can read or rely on local credentials without declaring or requesting them explicitly.
Persistence & Privilege
Rating: ok
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or agent-wide settings.