Skill v1.0.0

ClawScan security

Tribunal Install · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 3:32 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only installer that tells an agent how to install and initialise a third‑party package (Tribunal) using standard package managers and how it will write project config under .claude/ — nothing requested is disproportionate to that purpose.
Guidance
This skill is coherent but will install and run third‑party code in your environment and modify project config under .claude/. Before installing:

1. Review the package source (https://github.com/thebotclub/tribunal and https://tribunal.dev) to confirm trust.
2. Prefer installing in a virtualenv/container, or use --user, to avoid system-wide installs.
3. Avoid installing global npm/brew packages as root.
4. Run tribunal init in a sandbox or on a branch and inspect the .claude/tribunal.json and .claude/settings.json changes.
5. Run tribunal doctor locally to see what services it tries to start and whether it requires network access.
6. Pin a specific package version if you adopt it in CI.

If you cannot review the package source, treat the install as higher risk.
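Steps (4) and (5) of the guidance come down to snapshotting .claude/ before the initialiser runs, snapshotting it again afterwards, and reading what was merged into settings.json with a critical eye. The script below is an added example for that review step; it is not part of the ClawHub page or the Tribunal project. It assumes `tribunal init` is on PATH and writes only under .claude/, that settings.json is a JSON object, and the key names it treats as sensitive (hooks, commands, permissions, env, mcp) are a reviewer's own watch-list, not a description of what Tribunal writes. Any change under those keys, or any value that references an absolute or home-relative path, is flagged so a human looks before the branch is merged.

```python
"""Snapshot .claude/ around `tribunal init` and report what it merged.

Added example, not from the ClawHub page or the Tribunal project. The
command name, the directory name and the watch-list are assumptions.
"""
import json
import re
import subprocess
import sys
from pathlib import Path

CLAUDE_DIR = Path(".claude")            # project-local config dir named in the review
# Key fragments a reviewer wants to see before accepting a merged settings file
SENSITIVE_KEYS = ("hook", "command", "permission", "allow", "env", "mcp")


def snapshot(root: Path = CLAUDE_DIR) -> dict[str, str]:
    """Map each file under root (relative path -> text); empty if root is missing."""
    if not root.is_dir():
        return {}
    return {str(p.relative_to(root)): p.read_text(encoding="utf-8")
            for p in sorted(root.rglob("*")) if p.is_file()}


def json_diff(before, after, prefix=""):
    """Recursively compare two JSON values; yield (kind, dotted path, new value)."""
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(set(before) | set(after)):
            path = f"{prefix}.{key}" if prefix else key
            if key not in before:
                yield ("added", path, after[key])
            elif key not in after:
                yield ("removed", path, before[key])
            else:
                yield from json_diff(before[key], after[key], path)
    elif before != after:
        yield ("changed", prefix, after)


def flag_reasons(path: str, value) -> list[str]:
    """Why a reviewer should look at this change (empty list = routine)."""
    reasons = []
    hits = [k for k in SENSITIVE_KEYS if k in path.lower()]
    if hits:
        reasons.append(f"key touches {', '.join(hits)}")
    # Any token that looks like an absolute or home-relative path means the
    # tool is reaching outside the project directory.
    tokens = re.findall(r'[^\s"\'\[\]{},:]+', json.dumps(value))
    if any(t.startswith(("/", "~")) for t in tokens):
        reasons.append("value references a path outside the project")
    return reasons


def review_settings(before_text: str, after_text: str) -> list[dict]:
    """Diff two settings.json documents and attach review reasons to each change."""
    before = json.loads(before_text) if before_text else {}
    after = json.loads(after_text) if after_text else {}
    return [{"kind": kind, "path": path, "value": value,
             "reasons": flag_reasons(path, value)}
            for kind, path, value in json_diff(before, after)]


def review_init(command=("tribunal", "init")) -> dict:
    """Run the initialiser between two snapshots and summarise what it wrote."""
    before = snapshot()
    subprocess.run(list(command), check=True)   # assumption: `tribunal init` is on PATH
    after = snapshot()
    return {
        "new_files": sorted(set(after) - set(before)),
        "modified_files": sorted(f for f in before if f in after and before[f] != after[f]),
        "settings_changes": review_settings(before.get("settings.json", ""),
                                            after.get("settings.json", "")),
    }


if __name__ == "__main__":
    report = review_init(tuple(sys.argv[1:]) or ("tribunal", "init"))
    print(json.dumps(report, indent=2))
    if any(c["reasons"] for c in report["settings_changes"]):
        sys.exit(1)     # non-zero so a CI job stops for a human look
```

Run it from the project root on a scratch branch (`python review_init.py`, or pass a different command as arguments); new files such as .claude/tribunal.json show up under new_files, and the exit status lets the same script gate a CI job once the version is pinned.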

Review Dimensions

Purpose & Capability
ok
Name and description match the instructions: the SKILL.md only describes installing and initialising a code-quality tool and references package managers and a repository/homepage that align with that purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok
Runtime instructions are narrowly scoped: they instruct installing the package, running tribunal init (which writes .claude/tribunal.json and merges into .claude/settings.json), and running doctor/ci checks. The instructions do not ask the agent to read or exfiltrate unrelated secrets or system files.
Install Mechanism
note
No install spec is embedded in the skill; the SKILL.md relies on external package managers (pip/uv, npm, Homebrew). This is a normal approach but carries moderate operational risk because it executes third‑party code fetched at install time from external registries (PyPI, npm, or a Homebrew tap).
Credentials
ok
The skill declares no required environment variables or credentials, and the instructions do not reference any secrets or unrelated env vars. The tool writes project-local config (.claude/*), which is appropriate for its stated purpose.
Persistence & Privilege
note
The skill is not always-enabled and does not request elevated platform privileges, but tribunal init will modify project config (.claude/settings.json) and, per its docs, may install or run background worker services or a dashboard. Users should be aware that it changes project state and may run services or open network connections.