Skill v1.0.0

ClawScan security

superviser ressources · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 24, 2026, 1:42 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill claims scheduled auto-healing and restart capabilities, but the included code only performs a one-shot status check and probes hardcoded third-party sites; the dependencies and binaries it needs are not declared. None of these mismatches is explained.
Guidance
Do not install this as-is. Ask the author for: (1) the source/origin of, and reason for, the three hardcoded external targets (why monitor those domains by default); (2) an explanation or implementation of the restart/auto-heal behavior (the exact commands that will be run, the privileges they require, and the safeguards around them); (3) a declared list of dependencies (requests, psutil) and required binaries (docker), or an install spec; (4) removal of the hardcoded third-party endpoints, or a way for the user to configure the monitored targets. If you must test it, run it in a sandboxed environment with minimal privileges and restricted network access, and review any restart actions before allowing the agent to execute them autonomously.

Review Dimensions

Purpose & Capability
concern: The skill description and SKILL.md promise a scan every 5 minutes and automatic restart ('auto-guérison', i.e. self-healing, and '/supervisor restart'), but monitor.py only takes a single status snapshot (resources, HTTP checks, docker ps) and contains no scheduling or restart logic. The code also probes three hardcoded external domains unrelated to the user's host, which is unexpected for a local supervisor.
Instruction Scope
concern: SKILL.md instructs the agent to scan every 5 minutes and attempt auto-healing. Those are high-privilege actions (restarting services or containers), but neither the instructions nor the code specifies concrete, scoped commands or safeguards. The agent would be given broad discretion to perform restarts with no prescription of which commands to run, what privileges they need, or how to roll back.
Install Mechanism
concern: There is no install spec. The code imports third-party Python packages (requests, psutil) and calls the docker CLI, but the skill declares no dependencies or required binaries. That mismatch will either cause runtime errors or hide implicit installation and privilege requirements.
Credentials
note: No environment variables or credentials are requested (ok), but the code performs outbound HTTP GETs to three hardcoded external domains (aiflowhub.online, prospectx.aiflowhub.online, marocpromo.insightops.online). A supervisor for a user's server would normally check local services or user-configured targets; contacting specific third-party sites by default is unexpected and should be justified by the author.
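The three code-level findings above (undeclared imports and binaries, hardcoded external hosts, and claimed scheduling/restart behavior with no matching code) can be reproduced mechanically before installing a skill. The checker below is an added example, not ClawHub's scanner and not the skill's own code. Because monitor.py is not reproduced on this page, it parses a constructed stand-in written from the review's description (psutil/requests imports, GETs to the three named hosts, a `docker ps` call, no loop and no restart command); the manifest dict, the claim names `scheduled` and `restart`, and the heuristics for what counts as scheduling or restart code are assumptions.

```python
"""Static cross-check of a skill's code against what its manifest declares
and what its SKILL.md claims. Added example; not ClawHub's scanner."""
import ast
import re
import sys
from urllib.parse import urlparse

# Constructed sample: a stand-in for the skill's monitor.py as the review
# describes it. Not the real file.
SAMPLE_MONITOR_PY = '''
import subprocess
import psutil
import requests

TARGETS = [
    "https://aiflowhub.online",
    "https://prospectx.aiflowhub.online",
    "https://marocpromo.insightops.online",
]

def snapshot():
    cpu = psutil.cpu_percent()
    mem = psutil.virtual_memory().percent
    checks = {u: requests.get(u, timeout=5).status_code for u in TARGETS}
    containers = subprocess.check_output(["docker", "ps", "--format", "{{.Names}}"])
    return cpu, mem, checks, containers
'''

# Constructed sample: the manifest declares nothing, SKILL.md claims a
# 5-minute scan loop and auto-restart. Key names are assumptions.
SAMPLE_MANIFEST = {
    "dependencies": [],
    "binaries": [],
    "claims": {"scheduled": True, "restart": True},
}

# sys.stdlib_module_names exists on Python 3.10+; fallback covers the common ones.
STDLIB = set(getattr(sys, "stdlib_module_names", ())) | {"subprocess", "os", "sys", "time", "json", "re"}
SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}
SCHEDULER_MODULES = {"sched", "schedule", "apscheduler", "asyncio", "threading"}
RESTART_RE = re.compile(r"\brestart\b", re.IGNORECASE)


def _first_token(node):
    """First word of a literal subprocess argv (list or string); None if dynamic."""
    if isinstance(node, ast.List) and node.elts:
        node = node.elts[0]
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        parts = node.value.split()
        return parts[0] if parts else None
    return None


def analyze(source, manifest):
    """Return the mismatches between code, declared manifest and claimed behavior."""
    tree = ast.parse(source)
    imports, binaries, hosts, strings = set(), set(), set(), []
    has_loop = has_sleep = False
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            strings.append(node.value)
            if node.value.startswith(("http://", "https://")):
                hosts.add(urlparse(node.value).hostname)  # literal outbound targets
        elif isinstance(node, ast.While):
            has_loop = True
        elif isinstance(node, ast.Call):
            f = node.func
            if isinstance(f, ast.Attribute) and f.attr == "sleep":
                has_sleep = True
            # subprocess.<func>([...]) with a literal argv -> external binary
            if (isinstance(f, ast.Attribute) and f.attr in SUBPROCESS_FUNCS
                    and isinstance(f.value, ast.Name) and f.value.id == "subprocess"
                    and node.args):
                tok = _first_token(node.args[0])
                if tok:
                    binaries.add(tok)
    # Heuristics (assumptions): a sleep loop or a scheduler import = scheduling;
    # any literal containing the word "restart" = restart logic.
    found = {
        "scheduled": (has_loop and has_sleep) or bool(imports & SCHEDULER_MODULES),
        "restart": any(RESTART_RE.search(s) for s in strings),
    }
    return {
        "undeclared_dependencies": sorted((imports - STDLIB) - set(manifest["dependencies"])),
        "undeclared_binaries": sorted(binaries - set(manifest["binaries"])),
        "hardcoded_hosts": sorted(h for h in hosts if h),
        "unbacked_claims": sorted(c for c, claimed in manifest["claims"].items()
                                  if claimed and not found[c]),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_MONITOR_PY, SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

On the sample, `analyze` reports psutil and requests as undeclared dependencies, docker as an undeclared binary, the three hosts as hardcoded targets, and both claims (restart, scheduled) as unbacked, which is the same picture the dimensions above paint. The check only sees literal argv lists and literal URLs: a host assembled at runtime, or a restart issued through `os.system` with a formatted string, would slip past it, which is why the guidance still calls for running the skill in a sandbox with restricted network access rather than trusting a static pass alone.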
Persistence & Privilege
ok: The skill is not marked 'always' and does not request persistent system modifications in the package, nor does it modify other skills' configs. However, its claimed auto-healing behavior would require elevated privileges at runtime, and those are neither requested nor described in the manifest.