Skill v0.1.3

ClawScan security

Clawpm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 20, 2026, 8:20 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill appears internally consistent with its description: it installs a CLI from a GitHub repo and its runtime instructions operate on local project directories and git repositories, which matches a project-management CLI.
Guidance
This skill is coherent for a local project/task CLI, but exercise the usual caution: review the upstream GitHub repository before installing (look for releases, recent commits, and issues), and be aware the tool will create ~/clawpm/ and .project/ directories and will read your git repositories (it can auto-initialize repos under ~/clawpm/projects/). If you need stronger isolation, install and run it in a sandbox or VM, or inspect the source code locally before running. Also confirm whether the tool will perform any automatic commits or remote operations in your workflow before giving it write access to repositories.

Review Dimensions

Purpose & Capability
ok
Name/description, required binary (clawpm), and instructions all align: this is a JSON-first CLI that operates on local projects and git repos. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note
SKILL.md instructs the agent to create ~/clawpm/ and .project/ directories, scan/walk parent directories for .project/settings.toml, read git status and recent commits, and auto-initialize untracked git repos under ~/clawpm/projects/ on first use. These actions are expected for a project/task manager, but they do modify local files and read repository state — users should be aware the tool will add metadata (.project/) and read repository contents.
Install Mechanism
note
Install spec fetches code via git+https from a GitHub repository (git+https://github.com/malphas-gh/clawpm) and provides a 'clawpm' binary. Using GitHub is a common pattern, but it does mean arbitrary code from that repo will be placed on disk and executed; users should review the repo or prefer a signed/released binary if they need higher assurance.
Credentials
ok
No environment variables or external credentials are required. The instructions reference git and local filesystem state only, which is proportionate to the described functionality.
Persistence & Privilege
ok
always:false and user-invocable:true. The skill does not request persistent platform privileges or modify other skills' configuration. Its side effects are limited to the user's filesystem (creating ~/clawpm and .project folders), which is reasonable for a CLI of this type.