Skillv1.1.0

ClawScan security

Shadows Deploy Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 7, 2026, 2:37 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (a pre-deployment checklist) but they execute project tests/builds and run grep/git commands that can execute repository code or reveal secrets, so run it only in trusted or sandboxed environments.
Guidance: This skill appears to be what it says — a pre-deployment checklist — but it will run your repo's tests/builds/linters and inspect git history. Those operations can execute arbitrary code from the repository and may print secret-like strings to stdout. Before installing or invoking: 1) run it on a cloned or sandboxed copy (not directly in a production environment); 2) ensure CI/runner environment isolates network and credentials; 3) be aware the secrets-scan uses grep and can echo matched text to logs — use a dedicated secret scanner (gitleaks/detect-secrets) for production-sensitive work; 4) note minor docs issues (it references DEPLOY_URL and Docker but Docker isn't listed in required bins, and 'docker build --dry-run' is not a standard docker flag) — review and adapt the commands to your environment before running. If you want higher assurance, request a version with explicit opt-in checks and no direct stdout of potential secrets.

Review Dimensions

Purpose & Capability: okName and description describe a pre-deploy checklist (tests, lint, build, secrets scan, env validation) and the SKILL.md implements those gates directly. Required binaries (git + one of npm/python/cargo) are consistent with detecting and exercising common project toolchains.
Instruction Scope: noteThe instructions explicitly run tests, builds, linters and git history scans; these are expected for a pre-deploy tool but also mean the agent will execute repository code and parse commit history. The SKILL.md itself warns about sandboxing. Also Gate 6 references $DEPLOY_URL (optional) and the secrets-scan grep will print matched lines to stdout — outputs may contain secret-like strings and could be logged/shared.
Install Mechanism: okNo install spec and no code files — instruction-only skill. This reduces install-time risk because nothing is downloaded or written by the skill itself.
Credentials: noteThe skill declares no required environment variables (reasonable), but the instructions reference an optional $DEPLOY_URL and .env/.env.example handling. This is a minor inconsistency (uses optional env vars without declaring them), and the instructions may surface secret-like values in output. The skill does not request any credentials or secrets itself.
Persistence & Privilege: okalways is false, disable-model-invocation is not set (normal), and there are no config paths or claims of persistent system modification. The skill does not request permanent presence or elevated privileges.