Skill v1.5.8
ClawScan security
Clawhub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 3:25 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a localized GPU-tool that delegates work to a local 'octoflow' binary; nothing requested is disproportionate to its stated purpose, though there are minor install metadata quirks to verify before use.
- Guidance: This skill appears to be what it claims: a front-end to a local 'octoflow' GPU binary. Before installing or running it: (1) ensure you obtain the octoflow binary from the official GitHub release page and verify the exact asset name and checksum (the SKILL.md's install URL is missing the asset filename); (2) be deliberate when granting --allow-read / --allow-write / --allow-net / --allow-exec flags — only allow the minimal paths/domains/commands needed; (3) running octoflow mcp-serve exposes a local RPC endpoint to your agent — only enable that if you trust the binary and your agent config; (4) expect OctoFlow to write small preference files to ~/.octoflow and per-project .octoflow/; and (5) if you need stronger assurance, verify the release signature/checksum on GitHub or build the binary from source.
Review Dimensions
- Purpose & Capability (ok): The name/description match the declared runtime requirement (an 'octoflow' binary) and the SKILL.md instructions show only operations relevant to GPU compute, data analysis, and running an MCP server. Requiring a local octoflow binary is reasonable for this functionality.
- Instruction Scope (ok): Runtime instructions are narrowly scoped: run the octoflow binary, pass permission flags, run as an MCP server for agent integration, and operate on user-permitted files/domains. The SKILL.md adheres to a deny-by-default permission model and does not instruct reading unrelated system files or exfiltrating secrets.
- Install Mechanism (note): The SKILL.md includes an install hint pointing to GitHub Releases (a normal source). However, the provided URL ends at the release directory (no specific asset filename), which is an inconsistency and would need resolution by an installer. Overall, using GitHub Releases is expected and low risk compared to arbitrary hosts.
- Credentials (ok): The skill declares no required environment variables or credentials. It does note that OctoFlow may save preferences under ~/.octoflow and per-project .octoflow/ which is plausible and proportionate to the tool's function.
- Persistence & Privilege (ok): 'always' is false and the skill does not request permanent elevated platform privileges. It can run a local MCP server (expected for agent integration) — this grants a local RPC surface only when the user starts it or allows the agent to. The deny-by-default flags limit automatic access.
