Skill v1.0.0

ClawScan security

bearing search skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 3, 2026, 3:04 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files match its stated purpose, but the included Python script computes a data directory path that likely escapes the skill folder (a bug/incoherence that could cause it to read unexpected JSON files); review or fix before installing.
Guidance
This skill appears to implement a legitimate bearing lookup, but review the included script before use. get_data_dir() in scripts/search_model.py climbs three directory levels above the skill folder, which contradicts SKILL.md and may cause the script to read JSON files outside the project. Actions to consider before installing or running:
(1) Inspect and run the script in a sandboxed environment.
(2) Verify that no sensitive data sits in any parent-level data/ directory the script could reach.
(3) Fix the path calculation so it names the skill folder explicitly instead of climbing an arbitrary number of levels: since the script lives in scripts/, project_dir = script_dir.parent (equivalently Path(__file__).resolve().parent.parent) is the skill folder that SKILL.md describes.
(4) If you cannot change the code, run the skill with limited filesystem permissions or in a container.
There are no network calls or credential requests in the code, so the main concern is unintended local file access rather than exfiltration. If you want, provide a copy of the data/ directory layout you plan to use and I can suggest an explicit safe path change.
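The following is an added example, not code from the bearing search skill or from ClawHub. It reproduces the path arithmetic the report describes (a skill directory derived from scripts/search_model.py, then three .parent hops above it) next to a get_data_dir() replacement that pins data/ to the skill folder and refuses any resolved path that lands outside it, which also catches a data/ symlink pointing elsewhere. The directory layout, file names (bearing-search, skf.json, unrelated.json) and the a/b/c nesting are constructed for the demonstration and are not the skill's real layout.

```python
"""Containment check for a skill's data directory (added example).

Constructed layout (hypothetical names, not the real skill):
    <root>/a/data/unrelated.json              <- where the buggy path lands
    <root>/a/b/c/bearing-search/scripts/search_model.py
    <root>/a/b/c/bearing-search/data/brands/skf.json
"""
from __future__ import annotations

import tempfile
from pathlib import Path


def buggy_data_dir(script_path: str | Path) -> Path:
    """Path computed the way the report describes get_data_dir() doing it.

    The skill dir is two levels above scripts/search_model.py; the script then
    climbs three more levels and looks for data/ there, outside the skill.
    """
    skill_dir = Path(script_path).resolve().parent.parent
    project_dir = skill_dir.parent.parent.parent
    return project_dir / "data"


def safe_data_dir(script_path: str | Path) -> Path:
    """Pin data/ to the skill folder and verify it stays inside it.

    resolve() follows symlinks, so a data/ symlink that points outside the
    skill folder is rejected as well, not only a wrong .parent chain.
    """
    skill_dir = Path(script_path).resolve().parent.parent
    data_dir = (skill_dir / "data").resolve()
    if not _inside(data_dir, skill_dir):
        raise RuntimeError(f"data dir {data_dir} escapes skill dir {skill_dir}")
    return data_dir


def _inside(path: Path, parent: Path) -> bool:
    """True when `path` is `parent` or lies beneath it (works on Python < 3.9 too)."""
    try:
        path.relative_to(parent)
        return True
    except ValueError:
        return False


def build_layout(root: Path) -> Path:
    """Create the constructed tree from the module docstring; return the script path."""
    skill_dir = root / "a" / "b" / "c" / "bearing-search"
    script = skill_dir / "scripts" / "search_model.py"
    script.parent.mkdir(parents=True)
    script.write_text("# placeholder for the skill's script\n")
    (skill_dir / "data" / "brands").mkdir(parents=True)
    (skill_dir / "data" / "brands" / "skf.json").write_text('{"brand": "SKF"}\n')
    # A data/ directory three levels above the skill: the buggy path opens this one.
    (root / "a" / "data").mkdir()
    (root / "a" / "data" / "unrelated.json").write_text('{"not": "for the skill"}\n')
    return script


def run_demo() -> dict:
    """Build the layout in a temp dir and compare both path computations."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        script = build_layout(root)
        skill_dir = script.parent.parent
        buggy, safe = buggy_data_dir(script), safe_data_dir(script)
        return {
            "buggy_inside_skill": _inside(buggy, skill_dir),
            "safe_inside_skill": _inside(safe, skill_dir),
            "buggy_rel": str(buggy.relative_to(root)),
            "safe_rel": str(safe.relative_to(root)),
            "buggy_json": sorted(p.name for p in buggy.rglob("*.json")),
            "safe_json": sorted(p.name for p in safe.rglob("*.json")),
        }


def symlink_escape_rejected() -> bool:
    """Edge case: skill/data is a symlink to a directory outside the skill."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        skill_dir = root / "skill"
        (skill_dir / "scripts").mkdir(parents=True)
        script = skill_dir / "scripts" / "search_model.py"
        script.write_text("")
        outside = root / "elsewhere"
        outside.mkdir()
        (skill_dir / "data").symlink_to(outside, target_is_directory=True)
        try:
            safe_data_dir(script)
        except RuntimeError:
            return True
        return False


if __name__ == "__main__":
    print(run_demo())
    print("symlink escape rejected:", symlink_escape_rejected())
```

The check is deliberately done on the resolved path rather than on the string: a data/ entry that is a symlink, or a .parent chain that walks out of the skill, both end up as an absolute path that is not beneath the skill folder, and that is the single condition the guard tests.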

Review Dimensions

Purpose & Capability
ok · Name, description, SKILL.md and reference docs align with a bearing search/lookup skill. The included reference docs and example data formats are appropriate for the claimed functionality, and no unrelated credentials or binaries are requested.
Instruction Scope
concern · SKILL.md says data is stored under data/models and data/brands within the project, but get_data_dir() in scripts/search_model.py computes project_dir = skill_dir.parent.parent.parent, which climbs three levels above the skill directory rather than staying within it as the documentation describes. This mismatch can cause the script to search for a data/ directory outside the skill (unexpected filesystem access). The script otherwise only reads local JSON files and prints results (no network access or environment-variable exfiltration), but the path bug broadens the set of files it may open.
Install Mechanism
ok · No install spec (instruction-only plus a small script). No packages are downloaded and no archives are extracted; risk from the installation mechanism is low.
Credentials
ok · The skill declares no required environment variables, and the code does not read environment variables or credentials. Requested permissions are proportional to the stated purpose.
Persistence & Privilege
ok · The always flag is false, and the skill does not modify other skills or system settings. It has no elevated persistence or special privileges.