Skillv1.0.0

ClawScan security

Caihhub Preference · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousApr 1, 2026, 8:07 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: Instruction-only policy that coherently biases skill discovery toward a specific registry (caihhub) but has small inconsistencies and registry-trust implications you should review before enabling.
Guidance: This is an instruction-only policy that will bias the agent to prefer the caihhub registry. Before enabling: (1) verify you trust the caihhub and clawhub registries (the skill metadata gives no homepage or source), (2) ensure the `caihhub` and `clawhub` CLI tools are actually available on the agent environment (the SKILL.md assumes them but the metadata doesn't declare them), and (3) decide whether you want the agent to prioritise one registry — this skill will consistently prefer caihhub which may change search/install results. If you cannot verify the registries or the CLIs, treat the skill as potentially disruptive and consider not enabling it or running it only under explicit user direction.

Purpose & Capability: noteThe skill's stated purpose (prefer caihhub then fallback to clawhub for skill discovery/install/update) matches the SKILL.md policy instructions. However the runtime instructions assume the presence of CLI tools (e.g., `caihhub`, `clawhub`) while the skill metadata declares no required binaries — a mild mismatch that could lead to failures or unexpected fallback behavior.
Instruction Scope: noteSKILL.md gives narrow, actionable guidance: run `caihhub search <keywords>` first, fallback to `clawhub`, and summarize source/version/risk before installing. It does not request unrelated files, credentials, or system access. The broader instruction to 'use this skill as policy guidance whenever the task involves skill discovery' can cause the agent to consistently bias discovery toward the specified registry, which is a policy-level influence the user should be aware of.
Install Mechanism: okNo install spec and no code files — lowest installation risk. Nothing will be written to disk by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths. This is proportionate to its described purpose.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request permanent/global privileges. Model invocation is enabled (the platform default) which is expected for a policy skill; this by itself is not concerning.