Skill v1.9.72

ClawScan security

ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 21, 2026, 9:25 PM)

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what it claims (sync a private repo to a public mirror) but has mismatches between its declared requirements and what the script actually uses, and it performs potentially destructive GitHub operations that you should review and consent to.
Guidance
This script generally does what it says: it reads a private repo, copies files (excluding ai/), creates or updates a public repo, creates/merges PRs, and syncs releases. Before using it:

1. Ensure the machine has all required tools: the script uses node and rsync even though the metadata lists only git, gh, and bash; install node and rsync or update the manifest.
2. Understand that gh must be authenticated to access the private repo and to create/push to the public repo; confirm the GH auth token/SSH key and scopes are appropriate.
3. Review the script and test it on a non-critical repo: it may delete stale branches on the public repo and push/merge commits.
4. If you need tighter control, consider running the script manually rather than allowing autonomous invocation, and update SKILL.md/manifest to explicitly declare node, rsync, and any optional env vars (HARNESS_ID) to remove the metadata mismatch.

Review Dimensions

Purpose & Capability
Concern: The script's behavior (cloning the public repo, rsync'ing from the private repo excluding ai/, creating PRs, merging, creating repos, and syncing releases) matches the stated purpose. However, the code invokes node (node -p ...) and rsync, while the skill metadata and SKILL.md only declare git, gh, and bash as required binaries. Omitting node and rsync from the declared requirements is an inconsistency that can cause runtime failures and indicates the manifest is incomplete.
Instruction Scope
Note: SKILL.md instructs running the included shell script and describes the expected workflow. The runtime instructions and the script stay within the stated purpose, but the script requires access to the private repo (to read package.json, git history, and release notes) and will call GitHub via gh for both the private and public repos. It also optionally reads the HARNESS_ID env var (not documented as required). These behaviors are expected for a sync tool but are important privileges to acknowledge.
Install Mechanism
OK: This is an instruction-only skill with an included shell script and no install spec. Nothing is downloaded or installed by the registry; the script runs local tools. This is lower-risk than arbitrary remote installs.
Credentials
Note: The skill declares no required env vars, but it implicitly depends on the user's gh authentication and SSH/git credentials to push and create repos, and it may use an optional HARNESS_ID env var. It requests broad GitHub-side permissions (repo creation, branch deletion, pushing, editing releases) via the gh CLI; these are appropriate for the task but high-impact, so you should confirm that the gh auth token used has appropriate scopes and is trusted.
Persistence & Privilege
OK: The always flag is false and there is no install-time persistence. The skill does perform destructive/privileged GitHub actions (creating repos, merging PRs, deleting branches) when invoked, but it does not request special platform-level persistence or alteration of other skills.