Skill v1.2.0
ClawScan security
C# LSP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 5, 2026, 2:47 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly implements a C# LSP but includes extra multi-language logic, writes debug logs to /tmp unconditionally, and its installer can modify shell RC files and create a system symlink (possibly requiring sudo/SUDO_PASS) — these inconsistencies warrant caution.
- Guidance: This skill implements the advertised C# LSP but also bundles a multi-language Python daemon and makes system-level changes during setup. Before installing: (1) review scripts/lsp-query.py fully to confirm you are comfortable with multi-language behavior and any logging to /tmp; (2) run setup.sh in a constrained environment (or inspect it) — it may write to ~/.bashrc/.zshrc and will try to create /usr/local/bin/lsp-query (requires sudo); avoid exporting SUDO_PASS (do not provide your sudo password via env); (3) if you prefer less privilege, modify setup.sh to install the symlink to a user-local bin (e.g., ~/.local/bin) and remove automatic RC edits; (4) note that debug logging may record JSON-RPC messages and URIs — check /tmp/lsp-query-debug.log and the code that writes to it if you handle sensitive code. If you need high assurance, run the setup and tests inside an isolated container first.
Review Dimensions
- Purpose & Capability
- concern: The skill is advertised as a C#-only language server (csharp-ls), but the included lsp-query.py is a multi-language LSP client with configuration/commands for many languages (pyright, typescript-language-server, rust-analyzer, gopls, clangd, etc.). That mismatch (skill claims C# focus but ships a general multi-language daemon) is unexpected and may be intentional or leftover from a broader project.
- Instruction Scope
- concern: SKILL.md instructs running scripts/setup.sh which installs a global dotnet tool, modifies shell RC files (~/.bashrc or ~/.zshrc) to add ~/.dotnet/tools, creates a symlink in /usr/local/bin, and runs a verification that creates and restores a test project. The Python daemon writes debug entries to /tmp/lsp-query-debug.log (server requests/notifications) without honoring the documented LSP_DEBUG guard, which may log URIs and JSON-RPC payload metadata.
- Install Mechanism
- note: No centralized install spec is declared, but setup.sh performs a global 'dotnet tool install --global csharp-ls', edits shell RC files, creates /usr/local/bin/lsp-query (using sudo if needed), and creates cache directories. These are common for CLI tools but involve elevated actions (symlink creation) and persistent filesystem changes.
- Credentials
- concern: The skill declares no required credentials but uses several environment variables (LSP_WORKSPACE, LSP_TIMEOUT, LSP_DEBUG, LSP_SERVER) in practice. The installer optionally reads SUDO_PASS (if provided) to run sudo non-interactively — asking users to set SUDO_PASS is risky because it exposes a privileged credential to the environment. LSP_SERVER can override server commands, which increases attack surface if misused.
- Persistence & Privilege
- note: The skill installs a background daemon (auto-forking, idle shutdown), creates cache and socket files (~/.cache/lsp-query/*), and may place a symlink in /usr/local/bin and add PATH entries to shell RC files. always:false is set (not force-installed), which is appropriate; however the installation modifies user/system files and leaves a persistent daemon while idle, so be aware of that persistence.
