Skill v1.0.0
ClawScan security
SubwaySkill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 17, 2026, 1:34 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files, CLI instructions, and declared behavior are consistent with a tool for fetching NYC subway departure times, but there is a minor mismatch around realtime feed access (possible missing API key handling) that you should verify before use.
- Guidance: This skill appears to be what it says: a CLI that fetches MTA GTFS-RT and static GTFS schedules and caches them under ~/.cache/subwayskill. Before installing or invoking it, verify these points:
  1) The feed URLs target MTA endpoints that in some setups require an API key; the code and SKILL.md do not declare any environment variable for an API key, so realtime fetches may fail or you may need to supply credentials via another mechanism. Confirm whether your environment has access to those endpoints.
  2) The tool will make outbound HTTP requests (MTA endpoints and S3) and will write cached GTFS zip files to your home directory; ensure you are comfortable with that filesystem and network access.
  3) The code is published on GitHub (link provided); if you need higher assurance, inspect the repository and build it locally rather than running prebuilt binaries from unknown sources.
  If you plan to allow autonomous agent invocation, remember the skill can perform network I/O and create cache files when invoked.
Review Dimensions
- Purpose & Capability (note): Name, README, SKILL.md and code all implement an NYC subway departures CLI that fetches GTFS-RT and static GTFS schedules and falls back to cached schedule data; required binaries and included files match that purpose. Note: the feed URLs point at MTA endpoints that commonly require an API key, but the code and SKILL.md do not declare or use any credential; this may cause realtime fetches to fail or require additional configuration that is not documented.
- Instruction Scope (ok): SKILL.md instructs the agent to run the subwayskill CLI with specific flags. The runtime behavior (network calls to MTA/S3 feeds, reading embedded stations.csv, caching GTFS zips to ~/.cache/subwayskill) matches those instructions and stays within the expected scope for a transit CLI. There are no instructions to read unrelated files, other credentials, or to transmit data to unexpected endpoints.
- Install Mechanism (ok): Install guidance uses `go install github.com/nyluke/subwayskill@latest`, a standard public Go install flow. The repository/source is referenced (GitHub URL in metadata). No opaque downloads, URL shorteners, or extract-to-arbitrary-path installers are used.
- Credentials (ok): The skill requests no environment variables or credentials. Its actions (outbound HTTP GETs to MTA feed endpoints and S3 GTFS zips, reading/writing ~/.cache/subwayskill) are proportional to its purpose. However, if the MTA realtime feeds require an API key, the skill currently does not declare or accept that credential.
- Persistence & Privilege (ok): The skill does not request elevated privileges or permanent platform-wide presence (always is false). It only writes cache files under the user's home (~/.cache/subwayskill), which is reasonable for a CLI. It does not modify other skills or system-wide agent settings.
