Skill v1.0.0
ClawScan security
Awesome Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review, Mar 3, 2026, 6:16 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's surface is coherent with its stated purpose, but the SKILL.md is vague about key runtime behaviors (notably 'one-click installation' and persistent favorites), leaving room for actions beyond what's declared.
- Guidance: This skill looks like a simple explorer for a public GitHub collection, but the runtime instructions are vague. Before installing, ask the author or publisher: (1) How does 'one-click installation' work — does the skill actually install other skills or just open links? (2) Where are 'favorites' stored and who can access them? (3) Will the skill perform any writes to agent state, change installed skills, or attempt network calls beyond the GitHub repo link? If you need to be cautious, run or test it in an isolated agent or sandbox and require explicit confirmation for any install actions. If the publisher is unknown or you cannot get clarification, treat the skill as potentially performing broader actions than its description implies.
Review Dimensions
- Purpose & Capability (ok): Name/description match the manifest: it's an explorer for a public GitHub repo. The skill declares no binaries, env vars, or install steps — which is consistent with a read-only discovery tool. However, the feature list includes 'one-click installation' and 'save favorite skills', which imply actions (installing skills, storing state) that are not explained or justified by the manifest.
- Instruction Scope (concern): SKILL.md is extremely high-level and contains no concrete runtime instructions (no API endpoints, no commands, no storage locations). This vagueness grants the agent broad discretion at runtime: it could fetch from other endpoints, modify agent state, or attempt to install other skills — none of which are described or constrained here.
- Install Mechanism (ok): No install spec and no code files are present. That minimizes disk-write risk. There are no third-party downloads or package installs declared.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. That is proportionate for a read-only discovery tool. If the skill actually implements installation, additional credentials or permissions would be expected but are not declared.
- Persistence & Privilege (note): `always` is false and autonomous invocation is allowed (the platform default). The SKILL.md's mention of 'save favorite skills' and 'one-click installation' implies some form of persistence or modification of the agent's installed skills, but the skill does not declare how that persistence is implemented or what privileges are required.
