Craft CLI
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: craft-cli
Version: 1.6.2

The skill is classified as suspicious due to its installation method, which involves downloading an executable binary from a remote GitHub URL (`https://github.com/nerveband/craft-cli/releases/download/v1.0.0/craft-darwin-arm64`) using `curl` and then moving it to `/usr/local/bin` with `sudo mv`. While this is a common installation pattern for CLI tools, it represents a significant supply chain risk and requires elevated privileges, making it a high-risk capability without clear evidence of malicious intent within the provided skill instructions. The `craft-helper.sh` script also includes a pass-through mechanism (`"$CRAFT" "$@"`) that allows arbitrary commands to be executed by the installed `craft` binary.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill may gain access to specific Craft spaces without the user supplying or approving credentials at install time.
The helper hardcodes API endpoints for named business and personal spaces. SKILL.md treats the API URL as the configured access mechanism, while the registry declares no credential requirement.
```sh
WAVEDEPTH_API="https://connect.craft.do/links/5VruASgpXo0/api/v1"
PERSONAL_API="https://connect.craft.do/links/HHRuPxZZTJ6/api/v1"
```
Remove hardcoded Craft API URLs, revoke or rotate any exposed links, require users to provide their own scoped credentials/configuration, and declare those credentials in metadata.
A mistaken or over-eager agent action could alter or delete business or personal Craft documents.
The skill exposes direct document mutation and deletion commands against the configured Craft space, but does not document user-confirmation, scoping, backup, or reversibility safeguards.
```markdown
### Update Document
~/clawd/skills/craft-cli/craft update <document-id> --file updated-content.md
...
### Delete Document
~/clawd/skills/craft-cli/craft delete <document-id>
```
Require explicit user confirmation before create/update/delete operations, show the active Craft space and document ID/title before acting, and prefer read-only defaults unless the user specifically requests mutation.
The unreviewed downloaded binary would handle the Craft API access and document operations, increasing supply-chain risk.
The installation instructions download an external executable and install it into a privileged system path, but the reviewed artifacts do not include the binary, checksum, signature, or install spec.
```sh
curl -L https://github.com/nerveband/craft-cli/releases/download/v1.0.0/craft-darwin-arm64 -o craft
chmod +x craft
sudo mv craft /usr/local/bin/
```
Provide a pinned and verified install spec, include checksums or signatures, align versions and paths, declare the required binary, and avoid privileged installation where possible.
