Skill v0.0.2

ClawScan security

android build tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 5:56 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill is coherent with an Android SDK helper (it downloads and runs a helper binary), but it downloads and executes an unsigned remote binary at runtime with no integrity checks — a risky design decision you should review before installing.
Guidance
This skill works by downloading and executing a helper binary (pi.exe/pi) from a GitHub Releases URL at runtime. That makes its behavior dependent on whatever code is in that remote binary — which is not included or verified. Before installing or running it:
1) Review the upstream release page and vendor identity (who controls noah-smith-max/pi_public) and confirm you trust that source.
2) Ask the skill author for checksums/signatures or for the helper's source code so you can verify what will run.
3) Avoid running it on production or sensitive systems; test in an isolated VM or disposable environment.
4) Prefer a version that includes integrity verification (SHA256/GPG) or a pure-Python implementation instead of executing an unsigned binary.
5) Note the script only supports Windows/macOS (it exits on Linux).
If you accept the risk, consider improving the wrapper (use subprocess.run with argument lists to avoid shell-joining, validate TLS/release integrity, and pin a specific release).

Review Dimensions

Purpose & Capability
note: The name/description (Android SDK management) match the included Python wrapper, which downloads and runs a helper 'pi' binary to perform tasks. Requesting a helper executable is plausible for this purpose, so the overall capability aligns with the stated purpose.
Instruction Scope
concern: The runtime instructions (run pi_claw.py) cause the skill to download an external binary and execute it. While this is related to the stated task, the instructions grant the skill authority to fetch and run arbitrary remote code (the contents of the 'pi' binary are not included), which expands scope beyond what a pure instruction-only skill typically does.
Install Mechanism
concern: The Python script downloads an executable from GitHub Releases and executes it. Although GitHub Releases is a known host, there is no checksum/signature verification, no pinned release artifact, and the binary is executed immediately. Download+extract/execute of remote binaries without integrity checks is a high-risk install pattern.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths, and the code does not read any secrets. The requested environment access is minimal and proportionate to the task as described.
Persistence & Privilege
note: The script writes the downloaded 'pi' binary into the same directory as pi_claw.py and executes it. This is a local write and not a platform-wide persistence request (always:false). Still, writing and running an executable on disk increases attack surface and should be considered before use.