Skill v1.0.0
ClawScan security
Korta Blogwatcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 8, 2026, 6:20 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions match its stated purpose (running the blogwatcher CLI); nothing requested is disproportionate, but the install fetches/builds code from GitHub using @latest so you should review and consider pinning a release before installing.
- Guidance: This skill is coherent with its description: it simply runs the blogwatcher CLI. Before installing, review the GitHub repository source to ensure it matches your expectations and consider installing a pinned release (not @latest) for stability and safety. Be aware `go install` will compile and write a binary (to GOBIN/GOPATH/bin or your environment's bin), and the tool will make network requests to fetch RSS/Atom feeds. If you want tighter control, fetch the source and audit it locally or build from a specific tagged version.
Review Dimensions
- Purpose & Capability (ok): Name/description, required binary (blogwatcher), and example commands all align: the skill exists to run the blogwatcher CLI and only asks for that binary.
- Instruction Scope (ok): SKILL.md only documents installing and invoking blogwatcher commands. It does not request unrelated files, extra environment variables, or outbound endpoints beyond the expected feed fetching behavior.
- Install Mechanism (note): Install uses `go install github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest`. GitHub/go-installs are a common mechanism, but @latest will fetch whatever code is current at install time (not pinned). This means the code compiled on install could change later; review the repo or pin a specific version for reproducibility.
- Credentials (ok): No environment variables, credentials, or config paths are requested; this is proportionate for a feed-watching CLI.
- Persistence & Privilege (ok): Skill is not always-enabled and does not request system-wide privileges or modify other skills. Agent autonomous invocation is allowed (platform default) but is not combined with other red flags here.
