Skill v0.1.1

ClawScan security

Agent Visio User · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 20, 2026, 11:30 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (onboarding into a Visio-based repo) mostly matches the requested binaries, but it declares a VISIO_BRIDGE_TOKEN requirement and asks you to run repository Python scripts without explaining or showing how that token is used — that mismatch and the instruction to run external code are concerning.
Guidance
This skill is an instructions-only bootstrap that points an agent at an external GitHub repo and tells the agent to run Python smoke-test scripts from that repo. Before installing or running it:
1) Inspect the referenced repository (especially the Setup/*.py scripts) to see what they do: look for network calls, credential usage, and files they create or modify.
2) Do not expose your real VISIO_BRIDGE_TOKEN until you confirm what service it authenticates and what permissions it needs. Use a scoped or temporary token and rotate it after testing.
3) Run the smoke tests in an isolated/sandbox environment (VM or container) so arbitrary repo code cannot access sensitive host resources.
4) Prefer cloning over HTTPS if you cannot guarantee SSH key safety, and avoid running repo scripts as root.
5) Ask the skill author to clarify where VISIO_BRIDGE_TOKEN is used and to add explicit instructions about inspecting repository code before execution.
These steps will reduce the risk of accidental credential exposure or executing unexpected code.

Review Dimensions

Purpose & Capability
note: Name/description ask the agent to clone a GitHub repo and run Python-based smoke tests; requiring git and python is reasonable and proportionate. However, the declared required environment variable (VISIO_BRIDGE_TOKEN) is not referenced anywhere in SKILL.md, which creates an unexplained requirement.
Instruction Scope
concern: SKILL.md instructs cloning the upstream repo and running repository Python scripts (Setup\prepare_smoke_test.py, run_draw_job.py, execute_drawdsl.py). Running code pulled from an external repo can execute arbitrary actions (network calls, file I/O, invoking Visio bridge). The instructions do not tell the agent or user to inspect those scripts first, nor do they show how VISIO_BRIDGE_TOKEN is supplied to the runtime, so the runtime behavior and data usage are not fully scoped.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code bundled, so install risk is minimal. It relies on existing git and python, which is expected for its stated workflow.
Credentials
concern: Only one environment variable (VISIO_BRIDGE_TOKEN) is declared. That could be appropriate for a Visio bridge, but SKILL.md never documents where or how it is used. Requesting a token without context (service endpoint, scope, or why it's needed for the smoke test) is disproportionate and unclear. The skill also suggests using SSH git URLs which implicitly requires SSH keys; this is expected but should be documented as a consideration.
Persistence & Privilege
ok: The skill does not request always:true, does not include an install hook, and does not modify other skills or system-wide settings. Autonomous invocation is allowed (default), which is normal for skills; no extra persistence privileges are requested.