Skill v1.0.0
ClawScan security
Operator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 3:31 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The instructions, file reads/writes, and network endpoints in SKILL.md are consistent with a fleet-management tool that uses an Operator API; nothing requested is disproportionate to that purpose.
- Guidance: This skill appears to be what it says: a thin set of instructions to talk to an Operator service and store an Operator API key in ~/.operator/config.json. Before installing or using it, verify that you actually trust the operator.io domain and the service owner (there's no homepage or source listed). Be aware that the flow will create a plaintext JSON file with your API key in your home directory — set its permissions (chmod 600 ~/.operator/config.json) and treat the key like any secret. Confirm the API key scopes/privileges on the Operator side and rotate the key if you later suspect compromise. If you need higher assurance, ask the publisher for source code or an official homepage and verify the owner identity; without that provenance you are trusting the remote Operator service and whoever controls the operator.io domain.
Review Dimensions
- Purpose & Capability (ok): The skill's name and description describe an Operator fleet manager and the runtime instructions exclusively target an Operator service (https://www.operator.io) and an on-disk Operator config (~/.operator/config.json). Required capabilities (auth, instance lifecycle, logs, webhooks) align with the API calls shown.
- Instruction Scope (ok): SKILL.md limits its operations to reading/writing ~/.operator/config.json, running small one-shot python/curl commands, and contacting operator.io endpoints. The only local file referenced is the per-user config, which is appropriate for storing an API key. The instructions do not request unrelated system files, environment variables, or external endpoints outside the Operator service.
- Install Mechanism (ok): There is no install spec and no code files — the skill is instruction-only and relies on standard system tools (python3, curl). No downloads or archive extraction are performed.
- Credentials (ok): The skill does not request any environment variables, credentials, or config paths beyond a single per-user config file (~/.operator/config.json) that is used to store the Operator API key and URL. That is proportionate to a CLI-style API client.
- Persistence & Privilege (ok): The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It instructs creating a per-user config file to persist the API key, which is expected behavior for a manager CLI.
