Skillv1.2.1

ClawScan security

Os Update Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 25, 2026, 11:42 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions match its description: it enumerates upgradable packages, fetches changelogs, and classifies risk without requiring credentials or installing software; the main residual risk is that fetching changelogs involves outbound network calls that reveal package names to remote registries.
Guidance: This skill appears to do what it says: list upgradable packages and fetch changelogs. Before installing or running it, consider: 1) Network/privacy — changelog fetches (especially npm registry calls) will send package names to remote servers; run with --no-changelog if you need a purely local check. 2) Least privilege — run the script as an unprivileged user or inside a container if you want to limit what package manager metadata can reveal. 3) Inspect the bundled script yourself (scripts/check_updates.py) if you want to confirm there are no hidden network endpoints beyond standard registries. 4) If you operate in a locked-down environment, test in a staging VM to confirm the commands used are acceptable for your policies.

Review Dimensions

Purpose & Capability: okName/description match the provided code and SKILL.md. The included Python script implements discovery of package managers, listing upgradable packages, fetching changelogs, and classifying risk — which is exactly the stated purpose. There are no unexpected credentials, binaries, or config paths requested.
Instruction Scope: noteSKILL.md and the script are consistent about using read-only package manager commands and fetching changelogs. However, fetching changelogs (apt via apt changelog, npm registry via HTTPS) will perform outbound network requests and therefore may disclose the list of packages (or package names) to upstream servers. This behavior is documented in SKILL.md but is the primary privacy/network surface to be aware of.
Install Mechanism: okThere is no install spec (instruction-only skill) and the code is bundled in the skill. Nothing in the manifest downloads or executes external archives or adds persistent binaries. Risk from the install mechanism is low.
Credentials: noteThe skill requests no environment variables or credentials, which is proportionate. It does perform network I/O (apt changelog, npm registry via urllib), which is reasonable for changelog fetching but could expose package names to remote endpoints. No elevated privileges are requested in metadata, but some package manager commands may behave differently when run as root vs unprivileged user.
Persistence & Privilege: okalways is false and the skill does not request persistent presence or modify agent/system configuration. It simply runs read-only commands at invocation time.