Back to skill
Skillv1.0.1
ClawScan security
SAA Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 11:16 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are consistent with a local SAA CLI client for driving a WebSocket-based image backend; nothing in the bundle asks for unrelated credentials, installs, or system-wide privileges.
- Guidance
- This package appears to be a coherent local CLI client for the SAA image backend. Before installing/using it: 1) only provide ws-address values that you trust (sending prompts to an arbitrary remote ws could leak your prompts or data); 2) be cautious with --skeleton-key (it force-unlocks/backends and should only be used with explicit confirmation); 3) base64 output writes large data to stdout — avoid piping to untrusted endpoints; 4) the skill's source/homepage is not provided here, so if provenance matters, review the full saa-agent.py contents yourself or run it in an isolated environment. If you want extra assurance, ask the author for the official project URL or compare with the upstream repository mentioned in the README before using.
Review Dimensions
- Purpose & Capability
- okName/description state a CLI client for the Character Select SAA backend and the included code, README, and SKILL.md implement exactly that: WebSocket/API addresses, model/prompt parameters, HiResFix and skeleton-key controls. There are no unrelated environment variables, external credentials, or unexpected binaries declared.
- Instruction Scope
- noteSKILL.md instructs the agent to confirm backend availability, SAAC is enabled, and to get a WebSocket address from the user — which matches a networked CLI client. It explicitly forbids automatic retries and requires explicit user consent before using --skeleton-key. Note: because the tool sends prompts and model parameters to whatever ws-address is provided, the user (or agent) should ensure that address is trusted to avoid sending prompts/data to an untrusted remote server.
- Install Mechanism
- okNo install spec; this is instruction + a Python script. That reduces installation risk because nothing is downloaded or installed automatically by the skill bundle itself.
- Credentials
- okThe skill declares no required environment variables or credentials. The code accepts connection credentials via CLI flags (username/password) but defaults are benign; there are no unrelated credential requests.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated platform privileges. It does include a 'skeleton-key' option that force-unlocks the backend, but SKILL.md mandates explicit user confirmation before use.