Skillv0.1.1

ClawScan security

TeamPilot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 6, 2026, 8:38 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The instructions are generally coherent for bootstrapping a local Node-based multi-agent project, but the skill metadata omits declared prerequisites and the runtime instructions will cause execution of third-party code (npm install / npm run), so review and isolation are recommended before use.
Guidance: This skill is an instruction-only guide to clone and run a Node-based project; it appears to do what it says but you should not run it blindly. Before using it: - Verify the repository URL (TEAM_PILOT_REPO_URL) points to a trusted source (preferably a known GitHub org/repo) and inspect package.json and any install/postinstall scripts. - Run npm install and npm run in an isolated environment (container or VM) and with network limits if possible, because npm packages and the repo code will execute on your machine. - Confirm the project does not require secrets you won't supply; the skill metadata doesn't declare required binaries or env vars even though git/node/npm are needed. Ensure you have the correct Node version and tools installed. - Check what network ports the service opens (default 3333) and whether it exposes any external integrations you didn't expect. If you can confirm the repository source and review its code, the skill is coherent for its purpose; if the repo is untrusted or you cannot inspect it, avoid running npm install/npm run on a sensitive host.

Review Dimensions

Purpose & Capability: noteThe SKILL.md describes cloning a repository, running npm install, and starting a Node service — which matches the 'zero-to-run' purpose. However, the registry metadata lists no required binaries or environment variables even though the instructions explicitly require git, node, and npm and reference a TEAM_PILOT_REPO_URL placeholder. This mismatch is an incoherence (missing declared prerequisites).
Instruction Scope: okInstructions stick to repository checkout, dependency installation, running the service, API endpoints, and UI troubleshooting. They do not instruct reading unrelated system files, exfiltrating data, or contacting external endpoints other than the repo URL implied by TEAM_PILOT_REPO_URL.
Install Mechanism: okThere is no install spec in the skill bundle — it's instruction-only. That minimizes the skill package's own attack surface. However, runtime steps (npm install, npm run) will fetch and execute external code from the cloned repository and npm registry, which is inherent to the task.
Credentials: noteThe skill declares no required environment variables or credentials, but the instructions reference TEAM_PILOT_REPO_URL and demonstrate using PORT=... to change bind port. The absence of declared env requirements is a minor inconsistency. No unrelated credentials or secrets are requested by the skill itself.
Persistence & Privilege: okThe skill does not request always:true and does not try to persist configuration or modify other skills. It runs on-demand and would rely on the user's actions to clone and run code locally.