skill-audit

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI01: Agent Goal Hijack

What this means

Skill installs may take an extra scanning step before the agent reports success.

Why it was flagged

This instruction changes the agent’s normal install workflow by requiring the scanner to run after skill installation. It is disclosed and purpose-aligned, but users should know it can trigger automatically in that context.

Skill content

When the clawhub skill is used to install a new skill, ALWAYS run skill-audit on the installed skill BEFORE confirming success to the user.

Recommendation

Allow this behavior only if you want an automatic pre-install or post-install security check for skills.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

If approved with the wrong path, a deletion command could remove more than intended.

Why it was flagged

The skill documents a destructive shell command to remove a flagged skill folder. It is scoped to the skill path and requires user confirmation, but path verification matters.

Skill content

If user confirms deletion: `rm -rf <skill-path>`

Recommendation

Before confirming deletion, check that the path points only to the intended skill folder.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

The skill depends on a local Python runtime even though that dependency is not declared in the requirements section.

Why it was flagged

The skill relies on running a bundled Python helper, while the registry requirements declare no required binaries and there is no install spec. The helper is present in the manifest, so this is an under-declaration note rather than a concern.

Skill content

python3 {baseDir}/scripts/scan_skill.py <path-to-installed-skill> --json

Recommendation

Ensure python3 is available and review the bundled script if using this in a sensitive environment.

Findings (2)

critical

suspicious.dangerous_exec

Location: scripts/scan_skill.py:250
Finding: Shell command execution detected (child_process).

critical

suspicious.dynamic_code_execution

Location: scripts/scan_skill.py:249
Finding: Dynamic code execution detected.