Skill v0.1.0
ClawScan security
Security · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 6:11 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, requirements, and runtime instructions are coherent with its stated purpose as a backend-backed live safety check, but it sends instruction/target data to a remote backend (configurable via SAFETY_API_URL), so you must trust the endpoint and avoid sending secrets.
- Guidance: This skill appears to do what it says: send instructions and a small context/target object to a safety backend and return a decision. Before installing or using it, make sure you trust the backend endpoint (default: https://safety-cf.modeio.ai or any URL set via SAFETY_API_URL). Do not pass secrets or full connection strings as the --target or in the instruction/context unless you control or trust the backend. Ensure the 'requests' package is available in your runtime. If you need offline or local-only checks, consider running a local mock endpoint and setting SAFETY_API_URL accordingly, or avoid using the skill for highly sensitive targets.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: a Python CLI that posts an instruction + optional context/target to a safety backend. Required runtime (python3, requests, network) is appropriate for this purpose and no unrelated credentials or binaries are requested.
- Instruction Scope (note): SKILL.md and the CLI only describe submitting the instruction, context, and target to the configured backend and returning a normalized success/error envelope. The instructions do not call for reading unrelated files or system secrets, but callers are explicitly asked to provide concrete targets (paths, DB tables, URLs) which may contain sensitive data.
- Install Mechanism (ok): No install spec that downloads arbitrary code; code is included in the package and the runtime dependency is the widely used 'requests' Python package. No remote downloads or archive extraction are performed by an installer.
- Credentials (concern): The skill does not request credentials, which is appropriate, but it allows overriding the backend via SAFETY_API_URL and will POST instruction/context/target (potentially containing sensitive identifiers or even connection strings) to that endpoint. If SAFETY_API_URL is pointed at an untrusted endpoint, sensitive data can be exfiltrated. This is a functional necessity but increases risk and should be treated cautiously.
- Persistence & Privilege (ok): The skill does not request permanent system presence (always=false), does not modify other skills or system-wide settings, and is user-invocable. Autonomous invocation is allowed (platform default) but is not an additional privilege requested by the skill.
