Skill v1.0.3

ClawScan security

Home Fix-It · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 9:40 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior is largely coherent with a local photo-based home-repair assistant, but some packaged files (dashboard spec, manifest, cross-sell) imply optional cloud services and credentials that conflict with the README/SECURITY claim of '100% local processing' — this mismatch and the setup prompt's filesystem operations deserve user attention before installing.
Guidance
What to check before installing:
- The core skill appears coherent and runs locally, but inspect the SETUP-PROMPT and confirm your agent runtime will actually perform strict path canonicalization and enforce chmod/chown as described (to prevent directory escape via symlinks).
- The package includes a dashboard kit that requires Supabase/NextAuth and environment variables — only provide DB or auth credentials if you intentionally enable the dashboard, and review its deployment code and access controls first.
- Verify the agent truly keeps photos local (run a test with non-sensitive images and monitor network activity). The README/SECURITY claim of "100% Local Processing" conflicts with bundled dashboard instructions that assume external services.
- If you enable integrations (DocuScan, dashboard), follow least-privilege principles: use per-service accounts, private storage buckets, and rotate keys; enable row-level security as recommended.
- Back up any existing workspace data before letting the skill create files, and run the setup in a controlled environment (not on a sensitive production host) until you confirm behavior.

If you want, I can produce a short checklist of exact runtime permissions and filesystem commands to review with your platform operator.

Review Dimensions

Purpose & Capability
note: The name, README, and SKILL.md all describe a local, vision-capable home-repair assistant that stores data under a workspace 'home/' directory — that is coherent with the declared lack of required binaries and environment variables. However, the included dashboard-kit and manifest describe a Supabase-backed dashboard, authentication requirements, and environment variables for DB/auth keys. That suggests an optional cloud-backed component not reflected in the top-level claims (README/SECURITY state '100% Local Processing'). This is likely an optional feature but is an inconsistency the user should be aware of.
Instruction Scope
note: The SKILL.md and SETUP-PROMPT are explicit and narrowly scoped: they tell the agent to canonicalize the workspace root, create a 'home/' directory and specific files, and re-canonicalize before each read/write. Those filesystem actions are reasonable for local persistence and within the stated purpose. The skill also includes robust prompt-injection defenses and a clear safety classification. Note: the SETUP-PROMPT instructs the agent to execute path resolution and filesystem commands — the actual agent runtime must implement those safely (canonicalization checks, no symlink escape), so verify the runtime honors those constraints.
Install Mechanism
ok: Instruction-only skill with no install spec or downloaded code. This minimizes supply-chain risk since nothing is written to disk by an installer outside the explicit SETUP-PROMPT filesystem actions.
Credentials
note: The skill declares no required environment variables or credentials, which matches the local-processing claim. However, the dashboard-kit and DASHBOARD-SPEC explicitly mention Supabase, NextAuth, private storage buckets, and environment variables for keys/URLs. If you enable the dashboard or the DocuScan/manual-retrieval integration, you'll need to supply external credentials, which contradicts the packaging's 'no external transmission' messaging. Treat those dashboard components as optional plugins that require additional secrets and careful review.
Persistence & Privilege
ok: The skill is not always-enabled and can be invoked by the user. Its persistent footprint is limited to creating/maintaining a 'home/' directory within the user's workspace (as defined by SETUP-PROMPT). That behavior is proportional for a maintenance-tracking tool, provided the runtime enforces the described canonicalization and permissions (chmod 700/600).