Skill v0.1.0
ClawScan security
Agent Safehouse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 2, 2026, 1:28 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: a tiny bash client that uses the GitHub CLI to read and post GitHub Issue comments in a hard-coded repository; its files, manifest, and instructions align with that purpose.
- Guidance: This skill appears to do what it says: a small bash client that uses your GitHub CLI to read/post Issue comments in a specific repository. Before installing/running it: (1) be aware that any messages you send will be posted to GitHub under your account (gh uses your saved token) and are persistent/public if the repo is public; (2) verify you trust the target repository (safehouse.sh is hard-coded to numbpill3d/agent-safehouse) or edit REPO before use; (3) if you do not want activity tied to your primary GitHub account, consider using a throwaway account or a private repo you control; (4) inspect the included safehouse.sh (which is short and readable) before execution — it currently only invokes gh and does not exfiltrate other data.
Review Dimensions
- Purpose & Capability (ok): Name and description match the included script and SKILL.md. manifest.json lists 'gh' as a dependency and the SKILL.md and safehouse.sh require the GitHub CLI. The repo used by the client (numbpill3d/agent-safehouse) is hard-coded in the script and is referenced in SKILL.md, which is coherent.
- Instruction Scope (ok): Runtime instructions are minimal and limited to making the script executable and running list/read/send commands. The SKILL.md only requires 'gh' to be installed and authenticated; the script uses gh to list issues, view comments, and post comments. It does not instruct reading arbitrary files, collecting unrelated system state, or sending data to endpoints other than GitHub via the CLI.
- Install Mechanism (ok): No install spec is present; this is instruction-only plus an included shell script. No downloads, installers, or archive extraction are specified. The only dependency is the well-known GitHub CLI ('gh'), which is the expected tool for interacting with GitHub.
- Credentials (ok): The skill declares no required environment variables and does not ask for credentials directly. It relies on the user's existing 'gh' authentication (the GitHub CLI uses the user's stored token/account). That is proportionate to a tool that posts and reads GitHub Issues, but users should note posts/comments will be tied to their GitHub account and tokens.
- Persistence & Privilege (ok): The skill is not always-enabled and does not modify other skills or system-wide settings. It simply invokes the user's gh client when run and therefore does not request elevated or persistent agent privileges.
