Skill v0.1.0
ClawScan security
Repomix Explorer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 5:08 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are internally consistent with a Repomix-based repository analysis tool, but it relies on executing a remote npm package at runtime, which carries the usual supply-chain risk.
- Guidance: This skill appears to do what it says: run Repomix to pack a repo and analyze the output. Before installing or using it, consider: (1) `npx repomix@latest` will fetch and execute code from the npm registry; if you want stronger guarantees, pin a specific repomix version (e.g., `repomix@1.2.3`) or install and inspect the CLI yourself; (2) the agent will read repository files and any generated output in /tmp or the working directory, so do not run it on repositories containing secrets you don't want to expose; (3) run the skill in a sandbox or container if you are worried about executing third-party code; (4) verify the repomix package source (npm package page, GitHub repo, checksum) if you need higher assurance. If you control the environment, manually installing and vetting repomix before allowing the agent to run it reduces risk.
Review Dimensions
- Purpose & Capability: ok. Name and description match the instructions: the skill tells the agent to run the Repomix CLI (via npx) to pack and analyze repositories, and to read the produced output for analysis. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope: note. The SKILL.md explicitly instructs the agent to run shell commands (`npx repomix@latest`) and to read generated output files (usually in /tmp or ./repomix-output.xml). This stays within the stated purpose (analyzing remote or local repos). However, allowing shell execution and arbitrary file reads means the agent will access repository contents and any generated output; ensure the user expects the agent to read the repo and any sensitive files it may contain.
- Install Mechanism: note. This is an instruction-only skill with no install spec, but the runtime commands use `npx repomix@latest`, which downloads and executes code from the npm registry. Using npx with `@latest` is convenient but can execute arbitrary code from a third-party package at runtime, the usual supply-chain risk for CLI tools. No archive downloads from untrusted URLs are present.
- Credentials: ok. No environment variables, credentials, or config paths are requested. The required surface is proportional to the stated purpose (analyzing repositories).
- Persistence & Privilege: ok. The skill does not request persistent or always-on presence; default autonomy is allowed (platform default). It does not propose modifying other skills or system-wide settings. Output files are written to /tmp or the local working directory per the instructions.
