Skill v1.0.0
ClawScan security
Archive/Compression Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 7:18 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior matches an archive helper, but it depends on an external x-cmd installer (including a curl | sh auto-install option), and the SKILL.md and installation guide contain high-risk install paths plus an implicit requirement to source ~/.x-cmd.root/X, none of which is declared in the registry metadata.
- Guidance: This skill appears to be a legitimate archive helper, but it depends on an external CLI, x-cmd, that must be installed. Prefer the Homebrew install path (brew install x-cmd) where available. Do NOT allow the agent to run the curl | sh auto-install in environments with secrets or production data: that flow executes remote code before you can review it. In sensitive contexts, either install x-cmd yourself after reviewing the install script and verifying its checksum, or refuse auto-install and ask the agent to wait. Note also that SKILL.md prescribes always using the x-cmd loader (~/.x-cmd.root/X); confirm that you trust the x-cmd project and its release sources (get.x-cmd.com and the GitHub releases) before proceeding.
Review Dimensions
- Purpose & Capability (note): The skill is an archive/compression assistant, and its runtime instructions consistently use the external tool x-cmd to perform operations, which is coherent with the stated purpose. However, the registry metadata lists no required binaries, while SKILL.md requires sourcing ~/.x-cmd.root/X and running x-cmd commands: an undeclared runtime dependency (not fatal, but inconsistent).
- Instruction Scope (concern): SKILL.md instructs the agent to source a user-local loader (~/.x-cmd.root/X), to invoke x-cmd commands, and to offer installation if the tool is missing. The included install guide explicitly permits automated remote-script execution (curl | sh). The instructions do not ask the agent to read unrelated files or secrets, but they do direct it to download and execute remote code, which broadens the skill's runtime scope beyond simple local command usage.
- Install Mechanism (concern): There is no registry install spec, but data/install.md describes three install methods: Homebrew (low risk), manual download and review (medium risk), and curl -fsSL https://get.x-cmd.com | sh (high risk). The presence of a curl | sh auto-install option that executes remote code without prior manual review is a notable supply-chain risk, even though the guide warns about it. The guide references GitHub releases and checksums (reasonable), but the auto-install flow still executes the script before any verification takes place.
- Credentials (ok): The skill declares no required environment variables, no primary credential, and no config paths beyond its own user-local loader. It does not request unrelated credentials or access to other skills' config. Installing requires network access to download binaries, which is proportionate for CLI tooling.
- Persistence & Privilege (note): always is false and autonomous invocation is allowed (the platform default). The skill installs into a user-local directory (~/.x-cmd.root/) and instructs sourcing that loader; it does not request system-wide privileges. Still, the agent guidance permits automated installation when the user consents, which lets an agent download and run remote code in the user's environment and increases risk if consent is given inappropriately.
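The Guidance and Install Mechanism findings above both come down to one ordering problem: curl | sh executes the installer before anyone can verify or read it. The following shell script is an added example written for this report, not code from the x-cmd project or from the skill's data/install.md. It splits the flow into download, checksum verification and an explicit operator opt-in before execution, and adds a guard for the skill's "source ~/.x-cmd.root/X" step. The staging path, the ALLOW_REMOTE_INSTALL variable and the digest in the usage comment are assumptions for illustration; a real pin must come from the project's published checksums, obtained separately from the script itself.

```shell
#!/bin/sh
# Added example for the ClawScan report (not x-cmd's own installer code).
# Replaces "curl -fsSL https://get.x-cmd.com | sh" with:
#   download to disk -> verify pinned SHA-256 -> human review -> opt-in execute.
# ALLOW_REMOTE_INSTALL and the staging paths below are illustrative assumptions.

set -u

# Portable SHA-256 of a file: prints the hex digest only.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Fetch a remote script to disk WITHOUT executing it. Saving it first is what
# makes the checksum check and a manual read possible before any code runs.
fetch_script() {   # fetch_script URL DEST
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# Compare the saved file's digest with the pinned one; 0 only on exact match.
verify_script() {  # verify_script FILE EXPECTED_SHA256
  actual=$(sha256_of "$1")
  if [ "$actual" != "$2" ]; then
    echo "checksum mismatch for $1" >&2
    echo "  expected: $2" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
  return 0
}

# Gate: run the saved script only after it verifies AND the operator has
# opted in explicitly. An agent must never set this variable on its own.
run_verified() {   # run_verified FILE EXPECTED_SHA256
  if [ "${ALLOW_REMOTE_INSTALL:-0}" != "1" ]; then
    echo "refusing to run $1: set ALLOW_REMOTE_INSTALL=1 after reviewing it" >&2
    return 2
  fi
  verify_script "$1" "$2" || return 1
  sh "$1"
}

# Guard for the skill's "source ~/.x-cmd.root/X" step: only source a loader
# that exists as a regular file and is owned by the current user.
load_xcmd() {      # load_xcmd [LOADER_PATH]
  loader="${1:-$HOME/.x-cmd.root/X}"
  [ -f "$loader" ] || { echo "x-cmd loader not found at $loader" >&2; return 1; }
  [ -O "$loader" ] || { echo "refusing to source $loader: not owned by $(id -un)" >&2; return 1; }
  . "$loader"
}

# Typical use (the digest below is a placeholder, not a real x-cmd value):
#   fetch_script https://get.x-cmd.com ./x-cmd-install.sh
#   verify_script ./x-cmd-install.sh "$EXPECTED_SHA256" && less ./x-cmd-install.sh
#   ALLOW_REMOTE_INSTALL=1 run_verified ./x-cmd-install.sh "$EXPECTED_SHA256"
#   load_xcmd "$HOME/.x-cmd.root/X"
```

The opt-in variable is deliberately separate from the checksum: a matching digest proves the file is the one that was pinned, not that anyone has read it, so the review step stays a human decision rather than something the agent can satisfy by re-running the script.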
