Skill v0.3.0

ClawScan security

Code Sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 27, 2026, 1:33 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (batch scanning and syncing git repos); it asks for no credentials and does not contact external endpoints, but it will automatically push/pull repositories and writes a small config file in your home directory, so review its behavior before granting it run privileges.
Guidance
This skill appears to do what it says: scan ~/code (or a configured base dir) and push/pull repositories. Before installing:
1) Be aware it can automatically push or pull repos — that can expose or change work in bulk; consider running a dry run or review mode first.
2) Inspect or audit the referenced 'git-workflow' skill before allowing it to perform commits (SKILL.md requires invoking it for commits via the Skill tool).
3) Note it writes config to ~/.config/nini-skill/code-sync/config.md and outputs remote URLs in scan results; if you store any sensitive tokens in remote URLs (unusual but possible), treat those outputs as sensitive.
4) If you want an extra safety layer, run the included scripts locally yourself to observe behavior before granting the skill autonomous use.

Review Dimensions

Purpose & Capability
Note: The skill claims to batch-sync git repos and only requires the git binary; that aligns with the included scan script and the described workflow. One minor inconsistency: SKILL.md says a separate 'git-workflow' skill is required for commits (installed via an npx command), but that external skill is not declared in the registry metadata. This is likely an implementation detail rather than a sign of malice, but you should verify the referenced 'git-workflow' skill before allowing commits.
Instruction Scope
Note: Instructions and the script stay within the stated scope: scanning a base directory (with a ~/.config path for configuration), enumerating repos, optionally running git fetch, and returning JSON status. A functional caveat: the workflow performs automated push/pull actions ('auto, no confirmation' for certain categories) which can modify remote state without an explicit per-repo prompt. The skill also collects remote URLs (remote_url) in its scan output, which is expected for this purpose but is data you may not want transmitted elsewhere.
Install Mechanism
OK: No install spec — instruction-only plus an included shell script. Nothing is downloaded or extracted; the script is local and runs git commands. This is the lowest-risk install pattern.
Credentials
Note: The skill requests no environment variables or credentials. It does read $HOME and writes/reads a config at ~/.config/nini-skill/code-sync/config.md. It also exposes remote URLs from git remotes in its JSON output — reasonable for a sync tool, but consider whether those URLs (which might contain embedded credentials in unusual setups) should be handled or stored.
Persistence & Privilege
OK: The skill does not request always:true and has no system-wide modifications. It will create a config file under the user's home config directory on first run, which is normal for user-level tools.