Skillv1.0.0

ClawScan security

EMR Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 9, 2026, 4:13 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files generally match its stated diagnostic purpose, but embedded scripts run shell commands with unsanitized user inputs (shell=True) and attempt local service connections — a potential injection/data-access risk that you should review before installing.
Guidance: This skill appears to do what its description says (reading logs, checking services, and suggesting tuning). Before installing: 1) Review the three included Python scripts yourself — they execute many shell commands and interpolate arguments into shell strings (shell=True), which can enable command injection if untrusted inputs are passed. 2) Only run this skill in a trusted environment (or a sandbox) with limited attacker-exposed inputs. 3) If you plan to use it in production, consider hardening: sanitize/validate service_name and numeric parameters, avoid shell=True (use list args), and audit any commands that connect to local services (e.g., MySQL). 4) Confirm you are comfortable with the skill reading system config files and /var/log/* on the host. If you cannot review or harden the scripts, treat the skill as risky and avoid installing it on sensitive infrastructure.
Findings: [use-of-subprocess-shell] unexpected: All three scripts use subprocess.run(..., shell=True) to execute system commands. Using shell=True is common for quick diagnostics but increases risk if user-controlled inputs are interpolated into shell strings. [unsanitized-arg-interpolation] unexpected: Scripts accept a service name and other args from the command line and insert them directly into shell commands (e.g., ps/grep, generic '--version' fallbacks). If an agent supplies a crafted service_name, this could result in shell injection. This is a security weakness in implementation, even if not intentionally malicious. [local-db-connection-command] expected: check_service_status.py includes a StarRocks version check that runs a local mysql command (mysql -h 127.0.0.1 -P 8030 -u root -e 'SHOW FRONTENDS;'). Local database queries are reasonable for service discovery/versioning, but this will attempt to connect as root without credentials and may surface local DB output.

Review Dimensions

Purpose & Capability: okName/description claim a local Linux EMR/BigData diagnostics tool. The included scripts read logs, check processes/ports, and parse configs for many Hadoop-ecosystem services — this is coherent with the stated purpose. Config/log paths under /etc/taihao-apps and /etc/ecm are nonstandard but reasonable for a packaged environment.
Instruction Scope: noteSKILL.md instructs running the three included Python scripts to inspect service status, config, and logs. Those scripts perform local file reads and execute system commands (ps/ss/netstat/ls/grep/tail/awk/systemctl/version commands) which are expected for diagnostics. However the scripts accept user-supplied service names/line counts and interpolate them into shell commands executed via subprocess.run(..., shell=True) without explicit sanitization, creating a possibility for shell injection or unintended command execution if untrusted inputs are passed.
Install Mechanism: okNo install spec or external downloads — the skill is instruction-only with bundled scripts. Nothing is fetched from external URLs or installed automatically, which reduces supply-chain risk. The included code will be written to disk when the skill is installed/executed by the agent.
Credentials: noteThe skill requests no credentials or environment variables and does not call external endpoints. It does, however, read system config files and logs (e.g., /etc/... and /var/log/...) and attempts local service connections (e.g., invoking mysql -h 127.0.0.1 -P 8030 -u root -e ...) — these are consistent with a local diagnostics tool but grant the skill broad read access to system logs/configs. No network exfiltration endpoints are declared.
Persistence & Privilege: okalways is false and the skill does not request persistent elevated platform privileges or attempt to modify other skills. It runs on demand via the included scripts; autonomous invocation is allowed by default but not unusual for skills.