Skill v1.0.0

ClawScan security

Kairoa Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 8:50 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is an instruction-only helper: it tells the agent how to launch a local Kairoa desktop app and open its deep links. Its instructions are coherent with that purpose, but provenance is unclear and there are small documentation inconsistencies to note.
Guidance
This skill is only a launcher for a local Kairoa desktop app plus examples of 'kairoa://' deep links. Before installing: (1) confirm you have Kairoa installed from a trusted source; the skill metadata has no homepage or official download link, so verify provenance separately; (2) avoid embedding secrets in deep-link query parameters (e.g., passwords, API keys): a URL passed to 'open' appears in shell history, process listings, and application logs, so a secret in a query string should be treated as disclosed; (3) be aware the instructions are macOS-specific (they use 'open' and /Applications paths); (4) if you don't have the app, the skill offers no installer, so you must obtain or build the app yourself. If you need stronger assurance, request the official project homepage, releases, or source code to review before using it.

Review Dimensions

Purpose & Capability
ok · Name/description claim: launch the Kairoa desktop app and expose deep links to 60+ dev tools. The SKILL.md contains only instructions for launching the app and examples of kairoa:// deep links for individual tools. No unrelated credentials, binaries, or install steps are requested, so the required capabilities align with the stated purpose. Minor mismatch: the registry metadata summary mentions 40+ tools while the README says 60+.
Instruction Scope
note · Instructions are limited to: (a) macOS 'open' commands to start Kairoa.app and (b) a short Python snippet that auto-detects the app path and runs 'open' on it. The SKILL.md provides examples of deep links that include query parameters (e.g., password=MyP@ssw0rd). While the skill itself does not exfiltrate data, deep links can carry sensitive values in URLs, so users and agents should avoid passing secrets in query parameters. The guidance is macOS-centric; no instructions are provided for other operating systems.
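The Guidance and Instruction Scope notes above both say the same thing: the only risk surface in this skill is a deep link that carries a secret in its query string before it is handed to 'open'. The following is an added example of a guard for that case, written for this review and not the skill's own Python snippet. The 'kairoa' scheme, the macOS 'open' launch, and the /Applications-based detection come from the notes above; the candidate bundle paths, the list of secret-looking parameter names, and the sample links are assumptions made for illustration.

```python
"""Guard kairoa:// deep links before handing them to macOS 'open'.

Added example for this review, not the skill's own code. Scheme name and
'open' usage follow the scanner notes; the app paths, secret parameter
names and sample links below are assumptions.
"""
import shutil
import subprocess
from pathlib import Path
from urllib.parse import parse_qsl, urlsplit

SCHEME = "kairoa"

# Assumed parameter names that should never ride in a query string: the
# full URL is visible in shell history, 'ps' output and application logs.
SECRET_PARAM_NAMES = {
    "password", "passwd", "pass", "secret", "token",
    "api_key", "apikey", "access_token", "auth",
}

# Assumed install locations, mirroring the /Applications-based detection
# the skill's snippet is described as doing.
CANDIDATE_APP_PATHS = [
    Path("/Applications/Kairoa.app"),
    Path.home() / "Applications" / "Kairoa.app",
]


def find_app(candidates=CANDIDATE_APP_PATHS):
    """Return the first existing bundle path, or None if not installed."""
    for path in candidates:
        if path.is_dir():
            return path
    return None


def secret_params(link):
    """Return lower-cased query-parameter names that look like secrets."""
    query = urlsplit(link).query
    names = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
    return sorted({k.lower() for k in names if k.lower() in SECRET_PARAM_NAMES})


def check_link(link):
    """Validate a deep link. Returns (ok, reason)."""
    parts = urlsplit(link)
    if parts.scheme.lower() != SCHEME:
        return False, f"unexpected scheme {parts.scheme!r}"
    leaked = secret_params(link)
    if leaked:
        return False, "secret-looking query parameter(s): " + ", ".join(leaked)
    return True, "ok"


def launch(link, app=None):
    """Open the link with 'open', but only after it passes check_link."""
    ok, reason = check_link(link)
    if not ok:
        raise ValueError(reason)
    if shutil.which("open") is None:
        raise RuntimeError("'open' not found; this launcher is macOS-only")
    cmd = ["open"]
    if app is not None:
        cmd += ["-a", str(app)]
    cmd.append(link)
    # check=True surfaces a non-zero exit from 'open' (e.g. no URL handler).
    subprocess.run(cmd, check=True)


if __name__ == "__main__":
    # Constructed sample links in the shape the SKILL.md examples take.
    for sample in (
        "kairoa://tools/base64?input=aGVsbG8=",
        "kairoa://tools/hash?password=MyP%40ssw0rd",
        "https://example.invalid/not-a-deep-link",
    ):
        print(sample, "->", check_link(sample))
    print("Kairoa.app:", find_app() or "not found")
```

The check runs before anything touches the shell, so a link that fails it is never written to history or a process list. Matching on parameter names rather than values is deliberate: value heuristics miss short or unusual secrets, while a field named password is wrong in a URL regardless of what it holds.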
Install Mechanism
ok · Instruction-only skill with no install spec and no code files that execute on install. Nothing is downloaded or written to disk by the skill content itself, which is the lowest-risk installation model.
Credentials
ok · No required environment variables, credentials, or config paths are declared or referenced. The Python snippet reads only local filesystem paths for app detection, which is proportionate for the stated purpose of locating and launching a local app.
Persistence & Privilege
ok · The 'always' flag is false, and the skill does not request persistent system presence or modify other skill configs. It merely instructs how to launch a local app; autonomous invocation is allowed by default but is not combined with broad privileges here.