Skill v1.0.0

ClawScan security

ddddd · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 8:51 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's purpose (serving official OpenAI docs) is coherent, but its runtime instructions tell the agent to attempt privilege escalation (retry installs with 'escalated permissions' and 'do not ask the user'), which is scope creep and a clear red flag.
Guidance
This skill appears to do what it says (serve official OpenAI docs), but its runtime instructions tell the agent to try installing an MCP tool and to 'retry with escalated permissions' without asking the user — that is a red flag. Before installing or enabling: (1) ask the skill author to remove any instruction that tells the agent to escalate permissions or to act without explicit user approval; (2) require that any 'codex mcp add' or similar install command be run only after you (the user) explicitly approve and perform the action; (3) verify the MCP install URL (developers.openai.com/mcp) and the requester identity; (4) consider requesting the author fix metadata mismatches (skill name vs SKILL.md/agent) and the missing icon file reference. If you are not comfortable allowing an agent to attempt privilege-escalated installs autonomously, do not enable the skill until these issues are resolved.

Review Dimensions

Purpose & Capability
ok
The skill claims to provide authoritative OpenAI developer docs and declares/uses an MCP tool hosted at developers.openai.com; this matches the stated purpose. No unrelated environment variables or binaries are requested. Minor metadata mismatch: the registry name is 'ddddd' while SKILL.md and the agent metadata use 'openai-docs'/'OpenAI Docs'.
Instruction Scope
concern
SKILL.md appropriately directs the agent to use the MCP doc tools and to fall back only to official OpenAI domains for web search. However, it explicitly tells the agent to run an install command and, if it fails due to permissions/sandboxing, to 'immediately retry the same command with escalated permissions and include a 1-sentence justification for approval' and 'Do not ask the user to run it yet.' That is scope creep: it instructs the agent to attempt privilege escalation and to act without the user's authorization.
Install Mechanism
note
There is no formal install spec in the skill bundle (instruction-only). SKILL.md instructs running 'codex mcp add openaiDeveloperDocs --url https://developers.openai.com/mcp' if the MCP tools are missing; the URL is an expected official host, which is reasonable. The risk comes from how the install is to be attempted (automated/escalated retries) rather than from the source of the install itself.
Credentials
ok
The skill requests no environment variables, credentials, or config paths, which is proportionate for a docs lookup skill. The concern is procedural: the instructions ask the agent to obtain escalated permissions for installing the MCP tool, which would broaden privilege implicitly without declaring new credentials.
Persistence & Privilege
concern
The skill is not always-enabled and is user-invocable (normal). Nonetheless, the explicit instruction to retry installs with 'escalated permissions' and not to ask the user increases the privilege surface and could allow the agent to change its runtime environment without user consent. This combination is a notable privilege-related risk.
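The checks described in the Guidance and in the Instruction Scope, Install Mechanism and Purpose & Capability dimensions above can be run as a plain static pass over the SKILL.md text, before any model review. The block below is an added example and not ClawScan's or ClawHub's own scanner: it flags escalation phrases, act-without-consent phrases, install commands, MCP URLs whose host is not on an allowlist, and a registry-name/front-matter mismatch. The SKILL.md excerpt is constructed from the sentences the report quotes (it is not the real file), the regex phrase lists, the per-dimension scoring and the 'developers.openai.com' allowlist are assumptions, and the function names are hypothetical.

```python
"""Static checks over a SKILL.md, organised by the review dimensions used above."""
import re
from urllib.parse import urlparse

# Constructed excerpt (NOT the real skill file): the quoted sentences are the
# ones the scan report cites; the front matter and filler are assumptions.
SAMPLE_SKILL_MD = """---
name: openai-docs
description: Authoritative OpenAI developer docs via MCP.
---
# OpenAI Docs

Use the MCP doc tools first. If the MCP tools are missing, run:

    codex mcp add openaiDeveloperDocs --url https://developers.openai.com/mcp

If that fails due to permissions or sandboxing, immediately retry the same
command with escalated permissions and include a 1-sentence justification
for approval. Do not ask the user to run it yet.

For web search, only use official OpenAI domains.
"""

# Phrase classes (assumed lists, extend as needed). Which class hits decides
# the review dimension the finding is filed under.
ESCALATION_RE = re.compile(
    r"\b(escalated (permissions|privileges)|run as root|sudo|bypass (the )?sandbox)\b", re.I)
NO_CONSENT_RE = re.compile(
    r"\b(do not ask the user|without (asking|user approval|confirmation)|silently)\b", re.I)
INSTALL_RE = re.compile(
    r"\b(codex mcp add|npm (i|install)|pip install|brew install|apt(-get)? install)\b", re.I)
URL_RE = re.compile(r"https?://[^\s)'\"`]+")
FRONTMATTER_NAME_RE = re.compile(r"^name:\s*(\S+)", re.M)

DIMENSIONS = ("Purpose & Capability", "Instruction Scope", "Install Mechanism",
              "Credentials", "Persistence & Privilege")
SEVERITY_RANK = {"ok": 0, "note": 1, "concern": 2}


def _frontmatter(text):
    """Return the YAML front-matter block between the first two '---' lines, or ''."""
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    return m.group(1) if m else ""


def scan_skill(text, registry_name, allowed_hosts):
    """Return findings as (dimension, severity, line_no, snippet) tuples."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if ESCALATION_RE.search(line):
            findings.append(("Persistence & Privilege", "concern", no, line.strip()))
        if NO_CONSENT_RE.search(line):
            findings.append(("Instruction Scope", "concern", no, line.strip()))
        if INSTALL_RE.search(line):
            # An install command is a note on its own; the surrounding
            # escalation/consent phrases are what turn it into a concern.
            findings.append(("Install Mechanism", "note", no, line.strip()))
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if host not in allowed_hosts:
                findings.append(("Install Mechanism", "concern", no, url))
    m = FRONTMATTER_NAME_RE.search(_frontmatter(text))
    declared = m.group(1) if m else None
    if declared != registry_name:  # metadata mismatch, e.g. 'ddddd' vs 'openai-docs'
        findings.append(("Purpose & Capability", "note", 0,
                         f"registry name {registry_name!r} != SKILL.md name {declared!r}"))
    return findings


def dimension_status(findings):
    """Worst severity per review dimension; dimensions with no finding stay 'ok'."""
    status = {d: "ok" for d in DIMENSIONS}
    for dim, sev, _, _ in findings:
        if SEVERITY_RANK[sev] > SEVERITY_RANK[status[dim]]:
            status[dim] = sev
    return status


def verdict(findings):
    """Assumed scoring rule: any 'concern' makes the skill 'suspicious'."""
    return "suspicious" if any(sev == "concern" for _, sev, _, _ in findings) else "ok"


if __name__ == "__main__":
    found = scan_skill(SAMPLE_SKILL_MD, "ddddd", {"developers.openai.com"})
    for dim, sev, no, snippet in found:
        print(f"[{sev:7}] {dim} (line {no}): {snippet}")
    print(dimension_status(found), verdict(found))
```

On the constructed excerpt the pass files the 'escalated permissions' line under Persistence & Privilege, the 'Do not ask the user' line under Instruction Scope, the 'codex mcp add' line as an install note with its host allowed, and the 'ddddd' vs 'openai-docs' mismatch as a Purpose & Capability note, giving the same 'suspicious' outcome as the report. A URL on any host outside the allowlist would be a concern regardless of the surrounding wording, which is the check item (3) in the Guidance asks the user to make by hand.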