Skill v1.0.0

ClawScan security

Mirror Source Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 7:19 AM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's claims (manage package-manager mirrors) match its instructions and requirements, but its published install options include a high-risk curl|sh auto-installer and an unusual conda host that you should review before use.
Guidance
This skill appears to do what it says (manage package mirrors) and asks for no secrets, but installing the underlying x-cmd runtime can be risky if you choose the one-line auto-installer. Prefer the Homebrew path (bottles are verified against the SHA-256 checksums pinned in the formula) or the manual download+review option. Never run curl -fsSL https://get.x-cmd.com | sh on a machine with sensitive data or long-lived credentials. If you plan to install, fetch the install script from get.x-cmd.com to a file, read it, and verify the checksums and release artifacts it references (and be cautious about any unfamiliar domains such as conda.prefix.dev). If you want the agent to perform installation, require explicit consent and prefer Homebrew or manual review over the auto-install option.

Review Dimensions

Purpose & Capability
ok: The SKILL.md describes mirror management for many package managers, and all runtime instructions call the x-cmd loader and x mirror subcommands. Requiring the x-cmd runtime (~/.x-cmd.root/X) and providing installation guidance is consistent with the stated purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: Runtime instructions stay on-topic (listing, setting, and restoring mirrors). The SKILL.md instructs the agent to source ~/.x-cmd.root/X and, if it is not present, to offer installation options. It does not ask the agent to read unrelated files or environment variables. However, the included installation guidance explicitly permits the agent to download and run remote install scripts (with user consent), which expands runtime behavior to executing network-fetched code. This is documented, but worth flagging.
Install Mechanism
concern: The skill is instruction-only (no package install spec), but data/install.md promotes three install paths: Homebrew (recommended, low risk), a manual download+review (medium risk), and an auto-install curl -fsSL https://get.x-cmd.com | sh (high risk). The auto-install pattern (pipe to sh) is inherently risky: whatever the server returns executes immediately, with no chance to read it first, and a tampered or truncated response runs as-is. The guide also references binaries from GitHub releases (normal) and packages from an unusual domain (https://conda.prefix.dev), which should be verified. Although the doc recommends verification and Homebrew, the presence of a one-line remote-exec install is the primary risk.
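The manual download+review path that the guidance and this dimension both prefer over pipe-to-sh, shown as an added example (this is not code from the x-cmd project, the skill, or ClawHub). It assumes the expected SHA-256 is obtained out of band (release notes or a checksum published on a second channel) and that a human reads the downloaded script before the gated run; the review_flags pattern list is a constructed, deliberately short starting point, not a complete audit:

```shell
#!/bin/sh
# Added example: "download, review, verify, then run" instead of `curl ... | sh`.
# Assumption: the expected digest comes from a channel other than the download itself.

# Compute a file's SHA-256 portably (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if the file's digest equals the expected one, 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# Return 0 if none of the stop-and-read patterns appear in the script, 1 if any do.
# Constructed list: a nested pipe-to-shell, sudo, or writes under /etc are the
# things a reviewer of a "user-local, no sudo" installer should not see.
review_flags() {
    if grep -Eq '(curl|wget)[^|]*[|][[:space:]]*(ba|z)?sh|(^|[[:space:]])sudo[[:space:]]|/etc/' "$1"; then
        return 1
    fi
    return 0
}

# Fetch the installer to a file: the whole script is on disk before anything runs,
# so a truncated download cannot execute half a script, and you can read it.
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# Gate: execute only after the checksum and the review pass. Returns 1 otherwise.
gated_run() {
    script="$1"; expected="$2"
    verify_sha256 "$script" "$expected" || { echo "checksum mismatch, refusing to run" >&2; return 1; }
    review_flags "$script" || { echo "review flags found, read the script first" >&2; return 1; }
    sh "$script"
}

# Usage (the network step is shown, not run here):
#   fetch_installer https://get.x-cmd.com ./x-cmd-install.sh
#   less ./x-cmd-install.sh                     # human review
#   gated_run ./x-cmd-install.sh "<sha256 published out of band>"
```

The checksum only helps if it did not travel with the script: a digest served from the same URL the script came from proves nothing about tampering at that origin. The review step is the part no tooling replaces, which is why the function refuses rather than prompts when a flag is hit.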
Credentials
ok: The skill declares no required environment variables, no credentials, and no special config paths. The install scope is user-local (~/.x-cmd.root/) and claims no sudo is required. That is proportionate for a CLI helper. Note: the doc itself warns against running the networked installer in an environment containing secrets.
Persistence & Privilege
ok: The skill is not always-included, and it does not request elevated privileges. Installation is user-local and self-contained. The included agent workflow instructs the agent to ask the user before installing, which limits autonomous high-privilege actions. There is no instruction to modify other skills or system-wide settings beyond adding files under ~/.x-cmd.root/ and sourcing them from the shell.