Skillv1.0.0

ClawScan security

Artifact Signing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 10, 2026, 6:04 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, docs, and runtime instructions are consistent with an artifact-signing utility; it asks for and uses a private key file to produce detached signatures and does not attempt unexpected network access or credential harvesting.
Guidance: This skill appears to be what it claims: a local artifact-signing utility. Before installing or using it: 1) Do not place production private keys where the agent or this skill can access them unless you explicitly intend it; prefer dedicated signing keys or an HSM/service for production signing. 2) The script expects an unencrypted PEM (password=None); if you require password-protected keys, modify the code to prompt for or accept a password, or use secure key storage. 3) Run and review the script in an isolated environment first (verify there is no unexpected network activity), and audit the code if you intend to use it for sensitive signing. 4) Ensure the 'cryptography' dependency is installed from a trusted source (pip from PyPI) and keep file permissions on private keys restrictive. If you want the skill to run autonomously, explicitly avoid granting it filesystem access to any sensitive key locations.

Review Dimensions

Purpose & Capability: okThe name/description match the included scripts and examples: the sign_artifact.py signs a file with a PEM private key and the verify_skill.py runs a local test. There are no unrelated binaries, env vars, or config paths required.
Instruction Scope: okSKILL.md limits runtime actions to loading a local PEM private key, reading a specified artifact file, producing a detached signature, and advising verification. The provided scripts only operate on files you pass and do not contact external endpoints or read unrelated system files. (Note: sign_artifact.py expects an unencrypted private key — encrypted PEMs with passwords are not handled.)
Install Mechanism: okThere is no automated install step and no downloads; the skill is instruction-only for a local Python script and asks the user to install the widely used 'cryptography' library via pip. No suspicious install URLs or archive extraction are present.
Credentials: noteThe skill requests no environment variables or external credentials. It requires the user to supply a private key file path at runtime, which is appropriate for signing. However, supplying production signing keys to this skill (or letting the agent access a directory with such keys) is a sensitive choice — the script can sign any artifact presented to it, so key exposure risks must be considered.
Persistence & Privilege: okThe skill does not request permanent/always-on presence, does not modify other skills or global agent settings, and contains no installation that persists code beyond the included files. Autonomous invocation is allowed by platform default but not accompanied by other red flags.