Skill v1.2.0

ClawScan security

Prioritize uv · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 24, 2026, 6:59 PM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated goal (forcing use of uv instead of pip) but contain metadata inconsistencies and an overbroad, mandatory policy that could break workflows — ask for clarification before enabling.
Guidance
This skill is coherent with its stated purpose (prefer uv for Python work) but has two red flags: (1) the SKILL.md embeds an assertive mandatory policy and an 'always: true' metadata entry even though the published registry flags do not, and (2) the rule is global and could break workflows that don't use uv. Before installing: verify you actually have and trust the 'uv' tool; test the skill in an isolated environment/agent so it cannot change production workflows; request the maintainer to resolve the metadata inconsistency (remove/justify 'always: true' and align required-binaries in the manifest); and consider limiting the skill's scope (e.g., only enforce uv in specific projects) rather than a blanket mandate. If you rely on diverse Python toolchains or CI scripts, do not enable autonomous invocation until you confirm behavior won't break builds or deployments.

Review Dimensions

Purpose & Capability
note: The name/description and SKILL.md consistently promote prioritizing 'uv' for Python package management and execution; that purpose justifies requiring the uv binary. However, the registry/manifest metadata shown to the scanner claims no required binaries while the SKILL.md metadata lists anyBins: [uv], an inconsistency. Functionally, the declared requirements are otherwise proportional to the stated purpose.
Instruction Scope
concern: The SKILL.md mandates that the agent MUST never run Python/pip directly and MUST always wrap Python-related commands with `uv run` or `uvx`. That is a very broad, global rule (it applies to 'ANY Python command or CLI tool') and could cause incorrect behavior in environments not using uv. The instructions do not request unrelated files, credentials, or external endpoints, but their absolute language ('CRITICAL', 'MANDATORY') and the inclusion of metadata saying always: true (in SKILL.md) grant the skill sweeping authority over all Python actions; this is scope creep and operationally risky.
Install Mechanism
ok: There is no install spec and no code files; this is instruction-only, which means it doesn't write or download code on install. That minimizes install-time risk.
Credentials
ok: The skill does not request environment variables, secrets, or access to config paths. Its requirements are limited to preferring a particular binary (uv), which is consistent with its purpose.
Persistence & Privilege
concern: The top-level registry flags indicate always: false, but the SKILL.md metadata contains always: true and describes the skill as 'mandatory' for all Python tasks. This is an internal inconsistency and suggests the skill is attempting to assert permanent/mandatory status via documentation metadata. While the skill itself does not request system-level privileges or modify other skills, the conflicting 'always' claim is noteworthy because an always-enabled skill would have a broader operational impact if the platform honored it.
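The two metadata inconsistencies flagged above (SKILL.md says always: true and anyBins: [uv], the registry manifest says always: false and no required binaries, while the body uses mandatory language) are mechanical enough to check before installing a skill. The following is an added example, not ClawHub's scanner code and not part of this skill: it assumes SKILL.md carries a YAML-style frontmatter block between `---` lines with plain `key: value` and `key: [a, b]` entries, and that the registry manifest is a dict with `always` and `requiredBins` keys. Both the SKILL.md text and the manifest below are constructed for the demonstration; the real registry field names may differ.

```python
"""Cross-check a skill's SKILL.md frontmatter and body against its registry manifest.

Added example (hypothetical helper, not ClawHub's scanner). Assumptions:
- SKILL.md starts with a '---' delimited frontmatter block of simple
  'key: value' or 'key: [a, b]' lines.
- The registry manifest is a dict with 'always' (bool) and 'requiredBins' (list).
"""
import re

# Constructed sample mirroring the scanner's observations: the frontmatter
# asserts always: true and anyBins: [uv]; the body uses absolute language.
SAMPLE_SKILL_MD = """---
name: prioritize-uv
always: true
anyBins: [uv]
---
# Prioritize uv
CRITICAL: MANDATORY policy. You MUST never run python or pip directly;
ALWAYS wrap Python commands with `uv run` or `uvx`.
"""

# Constructed registry manifest as the scanner described it: always false,
# no required binaries.
SAMPLE_MANIFEST = {"name": "prioritize-uv", "always": False, "requiredBins": []}

# Words that signal the body is claiming a permanent/mandatory scope.
MANDATORY_WORDS = ("MANDATORY", "CRITICAL", "MUST", "ALWAYS", "NEVER")


def parse_frontmatter(text):
    """Return the frontmatter as a dict; lists and booleans are coerced."""
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not m:
        return {}
    meta = {}
    for line in m.group(1).splitlines():
        if ":" not in line:
            continue
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip()
        if val.startswith("[") and val.endswith("]"):
            meta[key] = [v.strip() for v in val[1:-1].split(",") if v.strip()]
        elif val.lower() in ("true", "false"):
            meta[key] = val.lower() == "true"
        else:
            meta[key] = val
    return meta


def find_inconsistencies(skill_md, manifest):
    """List every disagreement between SKILL.md and the registry manifest."""
    meta = parse_frontmatter(skill_md)
    findings = []

    # 1. 'always' must agree; documentation metadata cannot promote a skill.
    doc_always = bool(meta.get("always", False))
    reg_always = bool(manifest.get("always", False))
    if doc_always != reg_always:
        findings.append(f"always: SKILL.md={doc_always} manifest={reg_always}")

    # 2. Declared binaries must match what the registry will check for.
    doc_bins = set(meta.get("anyBins", []))
    reg_bins = set(manifest.get("requiredBins", []))
    if doc_bins != reg_bins:
        findings.append(f"binaries: SKILL.md={sorted(doc_bins)} manifest={sorted(reg_bins)}")

    # 3. Absolute language in the body with always=false in the registry is
    #    the scope-creep pattern: the prose claims authority the manifest denies.
    body = skill_md.split("---", 2)[-1] if skill_md.startswith("---") else skill_md
    hits = [w for w in MANDATORY_WORDS if re.search(rf"\b{w}\b", body)]
    if hits and not reg_always:
        findings.append(
            f"body asserts mandatory scope ({', '.join(hits)}) but manifest always=False"
        )
    return findings


if __name__ == "__main__":
    for finding in find_inconsistencies(SAMPLE_SKILL_MD, SAMPLE_MANIFEST):
        print("INCONSISTENT:", finding)
```

Run against the constructed sample it reports all three disagreements; run against a manifest that says `always: True` and `requiredBins: ["uv"]` it reports nothing, which is the state a maintainer should reach before the skill is enabled for autonomous invocation. The word match is deliberately case-sensitive so that ordinary prose ("must", "never") does not trip it; only the shouted form the scanner quoted does.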