Skill v1.0.1
ClawScan security
Plakar backup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 16, 2026, 4:54 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match a Plakar restore workflow, but its metadata omits required binaries/config and the skill can perform destructive filesystem restores — verify provenance and declared requirements before installing.
- Guidance: This skill appears to implement legitimate Plakar restore steps, but its metadata omits runtime requirements and the source is unknown. Before installing: 1) Verify the skill's provenance/author (no homepage, unknown source). 2) Confirm you have the 'plakar' binary and the plugin configuration key 'plakar.store' documented and correct. 3) Ensure the agent is configured to always prompt you before any restore (restores overwrite live files). 4) Test restores in a safe environment (non-production) to confirm behavior. If you require strict visibility, ask the publisher to update the metadata to declare the required binary and config path.
Review Dimensions
- Purpose & Capability (note): The name/description (Plakar restore) aligns with the SKILL.md (listing, diffing, restoring snapshots). However the registry metadata declares no required binaries or config paths while the SKILL.md explicitly requires the 'plakar' binary in $PATH and a plugin config value 'plakar.store' — an incoherence between claimed requirements and the runtime instructions.
- Instruction Scope (ok): Instructions are narrowly scoped to listing, inspecting, diffing, and restoring Plakar snapshots and explicitly tell the agent to confirm with the user before restoring. They do direct the agent to run commands that can overwrite live files (restore operations) which is expected for this purpose and appropriately flagged in the doc.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so there is nothing written to disk by the skill itself. That is the lowest-risk install mechanism.
- Credentials (concern): The SKILL.md depends on the 'plakar' binary and on a plugin configuration value 'plakar.store', but the skill's declared requirements list no required binaries or config paths. While no secrets or environment variables are requested, the omission means an agent or administrator might not realize the skill will attempt to run a local tool and access a store path.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable only; it does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed (default) but is not combined with other high-risk flags here.
