Skill v1.1.0

ClawScan security

Feelgoodbot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:11 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions mostly match a macOS file-integrity + TOTP tool, but there are inconsistencies and missing dependency declarations and the agent integration relies on unspecified external messaging — review before installing.
Guidance
Before installing:
1) Verify and inspect the upstream GitHub repo (github.com/kris-hansen/feelgoodbot) — a 'go install' will fetch and compile code from that source.
2) Understand required tools that the registry metadata omitted: you need Go, clawdbot CLI, and openssl available on PATH.
3) The setup script will enable and write Clawdbot webhook config and write ~/.config/feelgoodbot/config.yaml (it generates and stores a webhook secret). If you use Clawdbot, confirm you trust it and that enabling webhooks and restarting the gateway is acceptable.
4) Running the daemon may require elevated privileges to monitor system binaries; decide whether to run in a controlled environment (VM or test mac) first.
5) The agent flow suggests sending OTP prompts over Telegram (or another messaging channel) but no secure transport/config is provided here — ensure your messaging integration will not leak OTPs or secrets.
6) If you are not comfortable auditing the repository code yourself, treat this package cautiously: it executes third-party code at install time and implements persistent monitoring that will access potentially sensitive files (agent configs, system paths).

Review Dimensions

Purpose & Capability
concern: The SKILL.md and scripts implement a macOS file-integrity monitor and TOTP step-up flow (consistent with the description). However the manifest declares no required binaries or env vars while the instructions and setup.sh clearly require: go (to install the binary), clawdbot (CLI) for webhook integration, and openssl (for token generation). The omission of these required tools in the registry metadata is an incoherence a user should notice.
Instruction Scope
concern: Runtime instructions focus on installing feelgoodbot, creating a baseline, and configuring TOTP. But the agent integration pseudocode instructs the agent to send a Telegram message and wait for a reply (no credentials/config for Telegram are provided) and relies on Clawdbot/webhooks for alerts. The SKILL.md also states it monitors 'AI agent configs (Claude, Cursor)', implying reading other agent config files. The guidance about inter-process messaging is underspecified and could result in accidental disclosure of OTPs or other secrets if the agent's messaging channel isn't secure.
Install Mechanism
note: There is no formal install spec in the registry, but the included scripts use 'go install github.com/kris-hansen/feelgoodbot/cmd/feelgoodbot@latest' which pulls code from GitHub. Using 'go install' from a GitHub module is a common pattern but still executes third-party code fetched at install time — moderate trust should be placed in the upstream repo. The script writes config files and installs a launchd daemon (persistence under macOS).
Credentials
concern: The skill requests no environment variables in metadata, but the setup script reads/writes Clawdbot configuration (reads hooks.enabled and hooks.token, sets a token), writes ~/.config/feelgoodbot/config.yaml, and configures a local webhook secret. The README expects the agent to send messages (Telegram) and to handle OTPs. Requiring access to local agent configs and system binaries is expected for a FIM tool, but the lack of declared dependencies and credentials is inconsistent and could lead to unexpected privilege or data access.
Persistence & Privilege
note: The skill installs and starts a launchd daemon via feelgoodbot daemon install/start. Persistence is reasonable for a file-integrity monitor, but daemon installation may require elevated privileges and will run continuously. The skill does not set always:true and does not attempt to modify other skills' configs in the provided files.