Skill v1.0.0
ClawScan security
F5tts Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 5, 2026, 5:40 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions mostly match a monitoring task, but there are ambiguous or undeclared assumptions (SSH access, the 'uv' tool, and where and to whom HEARTBEAT.md changes are reported) that should be clarified before installing.
- Guidance: This skill appears to be a simple monitoring guide, but it assumes SSH access to a host called 'Local-LLM' and write access to unspecified HEARTBEAT.md files without declaring credentials or file locations. Before installing: (1) verify you trust the Local-LLM host and that the agent's SSH identity is correctly scoped (use a dedicated key or jump host if possible); (2) confirm the intended location and recipient for HEARTBEAT.md updates and whether overwriting files is allowed; (3) check whether the 'uv' tool exists on the target and what it means in your environment; (4) run the listed commands manually once to confirm behavior and outputs. If these questions aren't answered by the skill author, treat the skill as potentially risky and avoid granting it access to your SSH keys or production hosts.
Review Dimensions
- Purpose & Capability (note): The name and description match the commands in SKILL.md (ssh to Local-LLM, run nvidia-smi, tail training logs, check free/uptime). However, the skill assumes existing SSH access to a host named 'Local-LLM' and access to /mnt/toshiba/projects/F5-TTS/, neither of which is declared in the metadata as a required credential or path.
- Instruction Scope (concern): Runtime instructions tell the agent to SSH into a specific host and to read a specific disk path and log file, which is appropriate for monitoring. But the SKILL.md also instructs the agent to 'update your HEARTBEAT.md files locally' (the location and destination for these updates are unspecified) and to report to 'Master Seiya' (unclear channel). It also insists on using 'uv' for Python interaction although 'uv' is not declared or explained. These ambiguities could cause the agent to read, modify, or transmit files unexpectedly.
- Install Mechanism (ok): Instruction-only skill with no install spec or code to write to disk; low installation risk.
- Credentials (note): The skill declares no required env vars or credentials, yet operation requires SSH access to a named host and read permissions on /mnt/toshiba/… . The absence of declared credentials is not necessarily malicious but is a gap: the agent will need SSH keys, an SSH agent, or other auth, none of which is described or scoped.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request persistent privileges. It does instruct writing to local HEARTBEAT.md files, which is within normal monitoring behavior but should be clarified (which files, where).
