Skillv1.0.0

ClawScan security

Multilogin X · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 8:32 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's functionality matches its description, but it instructs you to download and execute unsigned binaries from an unverified S3 distribution and asks for user credentials without declaring them — this mismatch and the arbitrary install instructions are risky.
Guidance: This skill appears to do what it says (manage Multilogin X), but exercise caution before installing or running it: the SKILL.md tells you to download and execute native binaries from an unverified S3 distribution and to supply your Multilogin credentials. Before proceeding, verify the publisher (official homepage or vendor), check cryptographic signatures or checksums for the binaries, prefer installing only from an official release page or package repository, and test in an isolated environment (VM/container) rather than on production hosts. If you must use it, avoid giving persistent or high-privilege access to the host, and consider creating least-privilege user accounts or ephemeral credentials. If the vendor/publisher cannot be confirmed, treat the install instructions as high risk and do not run them on sensitive systems.

Review Dimensions

Purpose & Capability: okName/description (manage Multilogin X profiles) align with the runtime instructions and the declared required binaries (xcli and mlx-launcher). The commands referenced (launcher start, xcli profile-quick, login) are consistent with the described purpose.
Instruction Scope: concernSKILL.md includes full installation and runtime instructions that direct the agent to download, install, and execute native binaries and to prompt for user login credentials. It also tells the agent to store/use tokens in ~/.config/xcli. The instructions reach outside a narrow scope (they fetch and run external executables and ask for credentials) and the skill did not declare credentials in its metadata.
Install Mechanism: concernAlthough the registry lists no install spec, the SKILL.md gives explicit curl/Invoke-WebRequest commands that download binaries from https://ml000x-dev-dists.s3.eu-north-1.amazonaws.com (an S3 bucket) and place them in /usr/local/bin or the user profile. Downloading and running arbitrary binaries from a third-party S3 host is high-risk because the binaries are opaque/unsigned in this doc and come from an unknown publisher.
Credentials: noteThe skill declares no required env vars, but the instructions require the user to provide Multilogin username/password (and tokens are stored under ~/.config/xcli). Requesting credentials is expected for a login flow, but they should have been declared as required or documented more explicitly; also the instructions imply writing to user config and may require elevated permissions to install to /usr/local/bin.
Persistence & Privilege: noteThe skill does not force persistent inclusion (always:false) and does not request platform-level privileges in metadata, but the install steps write executables into system paths and run a background launcher process — this can require sudo/administrator rights and results in a persistent running process (mlx-launcher).