Skill v1.0.0
ClawScan security
Code Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Feb 28, 2026, 10:39 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's included analyzer.ts implements local static analysis that matches most of the description, but SKILL.md claims extra integrations and behaviors (delegation to external coding agents, self-repair, a knowledge base) that are neither implemented nor justified, and there is a minor mismatch between the advertised CLI name and the shipped file. These inconsistencies merit caution.
- Guidance: This skill appears to implement a local static analyzer (scripts/analyzer.ts) and the basic features in SKILL.md, but the documentation claims extra integrations (third-party agents, self-repair, knowledge base) that are not implemented or documented. Before installing: (1) Ask the publisher for a homepage or source repo, for details about the advertised integrations, and for whether any external APIs will be used and which credentials are required. (2) Inspect the included scripts yourself (they are bundled here) and run them locally in a safe environment; they read project files but do not perform network calls. (3) Avoid using any 'delegate to external agent' options unless you understand and accept that source code may be transmitted to third parties. (4) Verify how the advertised 'code' CLI is intended to be installed, or which wrapper is meant to expose it, if you expect to run the commands shown in SKILL.md.
Review Dimensions
- Purpose & Capability (note): The analyzer.ts implements static analysis, doc generation and simple suggestions, which fit the 'code assistant' purpose. However, SKILL.md advertises additional capabilities (delegation to Codex/Claude/Pi, self-repair, knowledge base, expert-researcher, auto-fix) that are not implemented in the provided script. SKILL.md also uses a 'code' CLI command, while the repository provides only scripts/analyzer.ts with no install step or wrapper to expose a 'code' binary. This mismatch is likely marketing or packaging sloppiness, but it reduces confidence.
- Instruction Scope (note): Runtime instructions are focused on running a local CLI to analyze project files and refer only to the configuration environment variables declared in SKILL.md. The shipped script reads arbitrary files under project directories, which is expected for a code analyzer. SKILL.md's references to delegating tasks to external agents (Codex/Claude/Pi) and to 'knowledge-base' searching are not backed by code; if an operator uses such delegation in practice it could expose source code to third-party APIs, and the skill does not document the required API credentials or any safeguards.
- Install Mechanism (note): There is no install spec (instruction-only), which is low risk. However, the package includes a runnable script (scripts/analyzer.ts) but provides no install step or wrapper to create the advertised 'code' command; this is a packaging inconsistency rather than an active install risk. The script itself performs only local filesystem reads and has no network calls or archive downloads.
- Credentials (ok): No required secrets or credentials are declared. The script optionally reads benign configuration environment variables (CODE_MAX_COMPLEXITY, CODE_DEFAULT_STYLE, CODE_AUTO_FIX, CODE_IGNORE_PATTERNS), which are proportionate for a code analysis tool. No unrelated or excessive environment variables are requested.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare any persistent or system-wide changes. It contains local analysis code only and does not modify other skills or global agent settings.
