Skill v0.1.0

ClawScan security

Pve Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 3, 2026, 11:31 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it says (Proxmox automation) but the package metadata omits required credentials and the runtime instructions/code include operations (reading local config, disabled SSL verification, and use of API tokens) that are not reflected in the declared requirements — this mismatch and a few risky defaults make the package suspicious until clarified.
Guidance
This skill appears to implement a real Proxmox API client and documentation, but there are important mismatches and risky defaults you should consider before installing:

- Metadata vs reality: The package metadata declares no required credentials, but the code and README require PVE_HOST, PVE_TOKEN_ID and PVE_SECRET. Treat this as an omission — ask the publisher to update the metadata or avoid using until clarified.
- Secrets and privilege: The client defaults to root@pam and expects API tokens; prefer creating a least-privilege API token for automation instead of root-level tokens. Do not paste high-privilege tokens into untrusted contexts.
- SSL verification: The client and README use verify=False by default. That is unsafe for untrusted networks — enable certificate verification in production or only run in a trusted internal network.
- Local file/command suggestions: SKILL.md suggests running commands that read local files (e.g., grep /etc/default/pveproxy). If you run the agent or the CLI on a shared host, those commands could expose local config. Only run in an environment you control.
- Source provenance: The skill's source/homepage is unknown. Prefer code from a known/verified source.

If you need this functionality but want to be cautious, review the included scripts locally, run them in an isolated environment, and update the script to enable SSL verification and explicitly document required env vars.

If you plan to use this skill: (1) request or require correct metadata listing required env vars, (2) audit and run the code in a safe environment, (3) issue a least-privilege token for automation, and (4) enable SSL verification and/or use proper certificates.

Review Dimensions

Purpose & Capability
concern: The code (scripts/pve_client.py), README.md, and SKILL.md implement and document Proxmox VE API operations (VM/LXC lifecycle, storage, snapshots, tasks, etc.), which is coherent with the skill name and description. However the skill registry metadata declares no required environment variables or primary credential, while both the client code and README expect PVE_HOST, PVE_TOKEN_ID and PVE_SECRET (and optionally PVE_USER). That mismatch (code needs credentials but metadata claims none) is an incoherence that should be resolved.
Instruction Scope
note: SKILL.md and README describe and show direct API calls to the PVE REST API (expected). SKILL.md includes an example of running 'grep "port" /etc/default/pveproxy' and other host-level checks — instructions that reference reading local system config files or running shell commands on the agent host are out-of-band for a pure remote-API automation skill and could expose environment-specific data. Also the documentation and code set verify=False for SSL by default (README notes this as "suitable only for trusted internal environments"), which weakens transport security if used unintentionally.
Install Mechanism
ok: No install spec is present (instruction- and code-bundle only). There is a single included Python script and guidance to pip-install 'requests' and 'urllib3'. No external downloads or archive extraction are used, which limits install-time risk.
Credentials
concern: The code requires PVE_HOST, PVE_TOKEN_ID and PVE_SECRET (and optionally PVE_USER) to operate; these are proportionate to managing Proxmox, but the registry incorrectly lists no required env vars/credentials. The default user is root@pam in code and docs — if operators provide root-scoped tokens that is high privilege. The skill should declare its required env vars and recommend least-privilege token scopes and secure handling of secrets. Additionally, defaulting to disabling SSL verification (verify=False) increases risk of credential exposure to man-in-the-middle attacks.
Persistence & Privilege
ok: The skill does not request 'always: true' or other elevated persistence. It is user-invocable and model-invocation is allowed (the platform default). There is no evidence the skill modifies other skills or system-wide agent settings.