Skillv1.0.0

ClawScan security

ZFS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 18, 2026, 4:40 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill is coherent with ZFS administration, but it omits declaring required system binaries and includes replication instructions that encourage creating root SSH keys with no passphrase and touching system paths—actions that are security-sensitive and should be reviewed before use.
Guidance: This skill appears to be a legitimate ZFS administration guide and includes helpful reference docs and a health-check script. Before installing or running anything: 1) Inspect the bundled scripts and references locally (especially replication scripts) rather than running them as-is. 2) Understand that zfs/zpool/ssh must be installed and most commands require root; the skill metadata does not declare those prerequisites — ensure you have the right binaries and privileges. 3) The replication examples recommend generating SSH keys without a passphrase and placing them in /root/.ssh; prefer using a dedicated limited-privilege user, protect keys (use passphrases or agent-based unlocking), and apply zfs allow to limit what the replication user can do. 4) If you plan to enable cron jobs or autorun replication, review and harden key permissions, host access, and logging; test in a non-production environment first. 5) If you are not comfortable with system administration or creating root-level keys, get an administrator to review these recommendations before applying them.

Review Dimensions

Purpose & Capability: noteThe skill's files, references, and health-check script are appropriate for ZFS administration and replication. However, the skill declares no required binaries/config paths even though SKILL.md and scripts assume system binaries (zfs, zpool, ssh, zpool list, etc.) and system paths. The omission is an inconsistency (it should declare required system tools and note that root privileges are typically needed).
Instruction Scope: concernInstructions stay within ZFS administration scope (pool/dataset/snapshot/replication). However, replication guidance and the included replication example recommend generating SSH keys with no passphrase (ssh-keygen -N "") and copying them to remote hosts, and the provided replication script references /root/.ssh/zfsrepl_key and runs ssh commands that assume root-level keys and access. Those recommendations are security-sensitive (automation vs key protection) and could enable broad remote access if applied without hardening. The SKILL.md also suggests running included scripts (zfs_health_check.sh) which execute privileged zfs/zpool commands — expected for the purpose but potentially dangerous if run blindly.
Install Mechanism: okNo install spec; this is instruction-only plus a small helper script. Nothing is downloaded or installed automatically. Risk is limited to running the provided scripts/commands on the host, which requires user/admin consent.
Credentials: noteThe skill requests no environment variables or external credentials, which is appropriate. But it references and assumes access to system paths (/root/.ssh, /etc/zfs/keys, /usr/local/bin, /etc/sanoid, /sbin/zpool, etc.) and root-level operations in docs and example scripts. Those assumptions are reasonable for ZFS administration but should have been declared as required config-paths/privileges in the metadata.
Persistence & Privilege: okThe skill does not request always:true, does not modify other skills, and does not include an install that persists code from external sources. It does recommend creating cron jobs and system-level cron/daemon entries in examples (sanoid, syncoid cron), which is normal for replication tooling but requires administrator approval.