Skill v1.1.0
ClawScan security
Tutti · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 8:40 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is a thin wrapper around a local CLI (tt) for orchestrating Tutti agents; its requirements and instructions match its stated purpose and there are no hidden endpoints or unexplained credentials requested.
- Guidance: This wrapper is coherent: it delegates work to the local 'tt' CLI and reads .tutti/state/*.json for status. Before using, verify the provenance of the 'tt' binary (https://github.com/nutthouse/tutti or another trusted source) because the skill runs whatever 'tt' does (and workflows/steps can execute shell commands and inject workspace files). Only run this skill in repositories you trust, and confirm you are comfortable with the behavior of 'tt' (it is the component that may reach network services or require API keys). Note: TUTTI_BIN can override the command; ensure that env var or overridden binary is trusted.
Review Dimensions
- Purpose & Capability (ok): The name/description (multi-agent orchestration) align with the actual behavior: the skill invokes a local 'tt' CLI, reads .tutti/state/*.json for status, and provides wrapper actions for launch, workflow, handoff, git land, etc. Required binaries (tt, tmux, python3) are appropriate for this functionality.
- Instruction Scope (ok): SKILL.md and the wrapper script limit runtime actions to calling the configured 'tt' CLI, reading .tutti/state/*.json, peeking agent output, and copying/injecting workspace-relative files for handoffs. There are no instructions to read unrelated system files or environment secrets.
- Install Mechanism (ok): There is no install spec (instruction-only skill with one wrapper script). Nothing is downloaded or extracted by the skill itself. The only runtime dependency that matters is the external 'tt' CLI (the skill documents its upstream repository).
- Credentials (ok): The skill declares no required environment variables or credentials. The wrapper optionally respects TUTTI_BIN if set, which is reasonable. No unrelated secrets or config paths are requested.
- Persistence & Privilege (ok): The skill does not request always: true, does not modify other skills' configs, and does not claim persistent system-level privileges. It runs on-demand and invokes the local 'tt' tool as needed.
