Skill v1.1.3

ClawScan security

Skill Fleet Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 9, 2026, 8:40 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally coherent for a fleet-auditing tool: it only needs read/web_fetch/web_search (and write for saving reports), performs on-disk reads of SKILL.md files and public web checks, and does not request credentials or install code.
Guidance
This skill appears to do what it claims: read SKILL.md files, check public ClawHub pages, and produce a report. Before installing: (1) Confirm the platform will grant only the tools the skill needs (read/web_fetch/web_search, plus write if you want saved reports); the registry metadata omission should be clarified. (2) Review any reports it produces before acting automatically (it recommends surfacing 🚨 items immediately). (3) Be aware the author links to a paid 'Ops Pack' (upsell) — the free checks are limited. (4) If you plan to schedule it (heartbeat), grant the minimum necessary tools and consider running it once interactively to review results and confirm it only reads SKILL.md files and the intended paths. If you want extra assurance, inspect the SKILL.md files it will read or run it in a restricted/sandboxed agent first.

Review Dimensions

Purpose & Capability
note · The skill's stated purpose (inventory skills, check versions, detect delisted publishers) matches the operations described in SKILL.md (read local SKILL.md files, fetch ClawHub pages). Minor inconsistency: top-level registry metadata shown with the submission lists no required tools, while SKILL.md / SKILL-FULL declare tools [read, write, web_fetch, web_search]. This is likely a metadata omission but should be clarified before installation.
Instruction Scope
ok · Runtime instructions are focused: list skill directories, read each SKILL.md, extract metadata and body text, check public ClawHub pages, and produce a report. The skill does not instruct the agent to read unrelated system files or environment variables, nor to transmit data to unknown endpoints. Pattern-matching for risky strings is reasonable for an auditor.
Install Mechanism
ok · This is an instruction-only skill with no install spec or code files to execute. That is the lowest-risk install model and consistent with the described behavior.
Credentials
ok · The skill requests no API keys or secrets. Declared tooling (read/web_fetch/web_search and write for saving reports) is proportional to the stated functionality. There are no unexplained credential requests.
Persistence & Privilege
ok · The skill is not marked always:true and uses normal agent invocation. It suggests optional heartbeat/cron scheduling and writing reports to the agent workspace, which are reasonable for a monitoring tool — not an elevation of privilege.