Back to skill
Skillv1.1.0
ClawScan security
Diff Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 9:45 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared behavior (read local SKILL.md, fetch remote SKILL.md, compare tool lists/risk) matches what it requests and instructs, but it has important blind spots you should understand before relying on it.
- Guidance
- This skill appears to do what it says: it reads your installed SKILL.md and fetches the remote SKILL.md on ClawHub, then compares tool lists and reports a verdict. Before installing or relying on it, consider these points: - Blind spots: it only inspects SKILL.md. Updates that introduce new endpoints, credentials, or behaviors inside code files, scripts, or bundled assets will be missed — the free/lite version explicitly won't report new external endpoints. For high-risk environments, manually review the updated package or use tools that inspect code files, not just SKILL.md. - Trust and provenance: registry metadata shows no homepage/source; verify the publisher (ordo-tech) and the ClawHub URLs used to fetch remote SKILL.md before trusting reports. An attacker could spoof or publish malicious SKILL.md on a registry under an unfamiliar account. - Operational caution: do not rely solely on the free report for updates that add sensitive tools (exec, write, network access). If an update adds exec/write or similar, perform a thorough code review or use the 'full' audit capability the author advertises (or other auditing tools) before approving. If you need higher assurance, request/require an auditor that scans all package files (not just SKILL.md) and validates remote content authenticity (signed releases or trusted publisher verification).
Review Dimensions
- Purpose & Capability
- okName/description claim to diff an installed skill and its update; the SKILL.md explicitly requires only 'read' and 'web_fetch' and describes reading the installed SKILL.md and fetching the remote SKILL.md for comparison. These capabilities are proportional to the stated purpose.
- Instruction Scope
- noteThe instructions are narrowly scoped to reading and diffing SKILL.md frontmatter, instruction body, and any URLs mentioned there. This is coherent, but a significant limitation: many skills embed endpoints or behavior in other files (code, scripts, bundled assets) that this auditor will not inspect. The free/lite variant explicitly does NOT report new external endpoints or full instruction diffs, creating a blind spot for exfiltration or hidden changes.
- Install Mechanism
- okInstruction-only skill with no install spec, no downloads, and no code executed at install time — lowest-risk install model and consistent with the stated behavior.
- Credentials
- okNo environment variables, no credentials, and no additional config paths are required. Requested access (read local SKILL.md and web_fetch remote SKILL.md) is proportionate to the task.
- Persistence & Privilege
- okNot always-enabled; user-invocable and allows model invocation (platform default). It does not request persistent system-wide privileges, nor does it modify other skills' configs. Autonomous invocation is permitted by default but not combined with extra privileges here.