Skill v1.0.0

ClawScan security

Blogwatcher Moss · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 3:40 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (it simply wraps the blogwatcher CLI), but it installs a Go module from upstream at @latest, which means remote code is fetched and built on install. Review or pin the source before installing.
Guidance
This skill appears to be what it says: the instructions only cover how to install and use the blogwatcher CLI. The main risk is the install step. 'go install ...@latest' fetches and compiles upstream code at whatever version @latest resolves to (the highest semver tag, or the latest default-branch commit if the module has no tags), so the code installed later can differ from the code reviewed now. Before installing, review the GitHub repo (https://github.com/Hyaxia/blogwatcher), prefer a specific release or commit (not @latest), or use a prebuilt binary from a trusted source. Run the binary in a sandbox if you do not trust the publisher. Also verify the publisher identity: there is a small ownerId mismatch between _meta.json and the registry metadata. Finally, be aware that the CLI fetches external feeds (network access) and reads and writes local data (marking articles read); this is expected for a feed watcher but relevant for privacy and security in constrained environments.

Review Dimensions

Purpose & Capability
ok · Name/description (monitor blogs/RSS) matches the declared requirement (a blogwatcher binary) and the SKILL.md commands (add, scan, list, read). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok · SKILL.md contains only usage and install instructions for the blogwatcher CLI. The runtime actions the agent is asked to perform are limited to invoking that CLI (e.g., blogwatcher scan, add, list). These commands necessarily perform network requests (fetching feeds) and read/write the CLI's local storage (marking articles read), behavior that matches the skill's purpose and is not out of scope for a feed watcher.
Install Mechanism
note · Install uses 'go install github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest', which fetches and builds code from GitHub. This is a common pattern but carries moderate risk: it downloads and compiles upstream source at @latest, a moving target, and the resulting binary is then run by the agent. Prefer pinning to a specific release tag or commit and/or reviewing the repository before installing. Also note a minor metadata mismatch: _meta.json.ownerId differs from the registry owner ID, which is worth verifying with the publisher.
Credentials
ok · No environment variables, credentials, or config paths are required. The lack of sensitive requests is proportionate to a feed-watching CLI.
Persistence & Privilege
ok · The skill is not forced-always and does not request system-wide config changes or elevated privileges. It can be invoked autonomously by the agent (platform default), which is expected for a user-invocable skill.
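The pinning advice from the Guidance and Install Mechanism entries above, as an added example that is not part of this scan page or of the blogwatcher project: a POSIX shell pre-install check that refuses a moving ref such as @latest or a branch name, accepts only a semver tag or a full 40-character commit hash, and then runs go install with the public checksum database enforced so the pinned version cannot be silently swapped later. The module path is the one from the skill's SKILL.md; the tag v1.4.2 is an illustrative placeholder, not a known blogwatcher release.

```shell
#!/bin/sh
# Added example (not from the ClawHub page or the blogwatcher project).
# Gate `go install MODULE@REF` on REF being pinned, then install with
# checksum verification against sum.golang.org left enabled.

# is_pinned_ref REF: returns 0 if REF is a semver tag or a full commit
# hash, 1 for moving refs (latest, branch names, short hashes, empty).
is_pinned_ref() {
  r=$1
  case "$r" in
    latest|main|master|HEAD|"") return 1 ;;
    v[0-9]*.[0-9]*.[0-9]*) return 0 ;;   # v1.4.2 or a pseudo-version v0.0.0-<ts>-<hash>
  esac
  # Go accepts commit prefixes, but require the full 40-hex hash so the
  # ref cannot later become ambiguous.
  printf '%s' "$r" | grep -Eq '^[0-9a-f]{40}$'
}

# pinned_target MODULE/PATH REF: prints MODULE/PATH@REF or fails with a
# message on stderr when REF is not pinned.
pinned_target() {
  m=$1; pr=$2
  if ! is_pinned_ref "$pr"; then
    echo "refusing moving ref '$pr' for $m; pin a release tag or commit" >&2
    return 1
  fi
  printf '%s@%s\n' "$m" "$pr"
}

# pinned_install MODULE/PATH REF: builds only a pinned target. Empty
# GONOSUMDB/GOPRIVATE/GOINSECURE and explicit GOSUMDB ensure the module
# is checked against the public checksum database, so a rewritten tag
# or tampered proxy copy fails the install instead of being built.
pinned_install() {
  t=$(pinned_target "$1" "$2") || return 1
  GONOSUMDB= GOPRIVATE= GOINSECURE= GOSUMDB=sum.golang.org go install "$t"
}

# Demonstration with the skill's module path and an illustrative tag;
# the moving ref from the SKILL.md is rejected, the pinned one is printed.
if pinned_target github.com/Hyaxia/blogwatcher/cmd/blogwatcher latest 2>/dev/null; then
  echo "unexpected: moving ref accepted" >&2
fi
pinned_target github.com/Hyaxia/blogwatcher/cmd/blogwatcher v1.4.2
```

Replace the tag with the release or commit you actually reviewed, then call pinned_install with the same arguments; the install still needs the Go toolchain and network access, which the check itself does not.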