Skill v3.0.0
ClawScan security
AIclude Security Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Benign (Feb 17, 2026, 9:59 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are consistent with a vulnerability lookup service that sends package names to an external AICLUDE scan API; it does not ask for credentials or local files, but network calls to an external service cannot be verified locally.
- Guidance: This skill appears internally consistent and only needs a package name/type to query AICLUDE's external scan service. Before using it: (1) confirm you trust https://vs.aiclude.com and the linked GitHub repo if you will send any package names; (2) avoid scanning private or sensitive package names unless you accept that the target name will be transmitted to the external service; (3) if you need stronger assurance, review the upstream repo code (the published package) or test the skill with a public package name first; and (4) monitor outbound network activity while the skill runs if you want to verify it only sends the claimed data.
Review Dimensions
- Purpose & Capability (ok): Name/description (vulnerability scanner) align with the instructions and included files: the skill conducts lookups against the AICLUDE scan database and (if needed) registers the target for server-side scanning. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (note): SKILL.md instructs the agent to send the package name and type to the AICLUDE scan API, wait for a server-side scan if necessary, and return results. The instructions do not ask the agent to read local files or secrets, but they do require transmitting data externally (package name and type). The claim "only the package name and type are sent" is plausible but cannot be verified from the instruction-only content.
- Install Mechanism (ok): No install spec and no executable code are included in the skill bundle (instruction-only). A package-lock.json and README appear to describe an npm package, which is expected; nothing in the files indicates a remote executable download or other risky install behavior.
- Credentials (ok): No environment variables, credentials, or config paths are required. The lack of secret requests is proportionate to the described task.
- Persistence & Privilege (ok): The skill's always flag is false (not force-included). disable-model-invocation is false (the agent may invoke it autonomously), which is the platform default and reasonable for a lookup skill. The skill does not request system-wide configuration changes.
