Skillv1.0.3

ClawScan security

Adversarial Verification · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 4, 2026, 9:17 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, instructions, and runtime behavior are internally consistent with a tool that runs real verification commands against a target project; it does not request unrelated credentials or hidden endpoints — but it will execute shell commands on the host so you must run it in an isolated/sandboxed environment and review before use.
Guidance: This skill intentionally runs real shell commands against whatever path you provide (npm install, builds, running scripts). That behavior is coherent with its purpose but can be destructive if run against production or untrusted code. Before using: (1) review the script (scripts/simple-verify.js) so you understand which commands will be executed; (2) only run it in an isolated sandbox or ephemeral environment with backups; (3) do not add it to pre-commit/CI for repositories you don't trust without inspecting both the verifier and the repository code; (4) note that the skill itself does not enforce sandboxing — you must ensure isolation; (5) expect it to run network activity if the target project's verification invokes package installs or external calls.

Review Dimensions

Purpose & Capability: okThe name/description (adversarial verification) match the included SKILL.md and the provided scripts: the JS tool runs real commands (npm install, build, node <script>) to validate frontend/CLI targets. There are no unrelated environment variables, binaries, or external endpoints required.
Instruction Scope: noteThe SKILL.md explicitly requires running 'real' commands against the target and instructs destructive/adversarial testing in a sandbox. That is consistent with the purpose, but the instructions rely on the caller to ensure sandboxing and environment isolation — nothing in the skill enforces or automates sandboxing. The examples also propose adding pre-commit hooks and CI integration (which is expected) but the quick-start wording ('安装后：下次我写代码就会自动使用对抗性验证') could be misread as the skill auto-registering itself; the package contains no installer that creates hooks automatically.
Install Mechanism: okNo install spec is provided (instruction-only skill) and the package includes a straightforward Node script. No downloads from untrusted URLs or archive extraction occur as part of the skill itself. Risk from package manager activity is limited to the target project's own dependency installs (e.g., npm install performed by the verifier).
Credentials: okThe skill requests no environment variables, credentials, or config paths. The runtime behavior (executing commands in the provided target path) is proportional to the stated goal of running real verification commands.
Persistence & Privilege: notealways:false and user-invocable:true (normal). The skill does not request permanent platform privileges. However, sample usage suggests adding pre-commit hooks or CI integration; installing those hooks is a user action and not performed automatically by the skill. Be aware that if you add hooks or CI steps, the verifier will execute on those events and thus gains runtime access to whatever workspace it runs in.