Skill v1.0.2

ClawScan security

Deep HJB Solver Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 6:24 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (scaffolding HJB problem code) but the runtime instructions require the agent to copy bundled framework files into the user's repo immediately and without asking, which is intrusive and risks overwriting files.
Guidance
This skill appears to do what it says (scaffold HJB problem code using a bundled TensorFlow DGM framework) and does not request credentials or perform network operations. However, before installing or letting an agent run it autonomously, consider the following:
- The SKILL.md orders the agent to copy bundled assets into your repository immediately and without asking. That will write files into your repo (creating <slug>/src, examples/, requirements, etc.) and could overwrite existing files. Back up your repo or run in an isolated project first.
- Review the bundled assets/ directory (assets/src, plot_training_csv.py, requirements.txt) locally before running any automatic copy. The included scaffold script (scripts/scaffold_hjb_problem.py) has safer checks; prefer running that script yourself rather than blindly executing the cp commands in SKILL.md.
- The skill requires TensorFlow, numpy, matplotlib (assets/requirements.txt). Ensure you run in an environment where installing/using these packages is acceptable.
- If you plan to let an agent invoke this skill autonomously, require user confirmation before any filesystem modifications or modify the SKILL.md to prompt before copying (or use non-overwriting copy options). If you need more assurance, ask the skill author to remove the "do it immediately without asking" language or to implement a safe dry-run option.
Confidence is medium because the codebase and instructions are coherent with the purpose, but the mandatory, non-consensual file-copy instruction is an intrusive behavior that merits caution.

Review Dimensions

Purpose & Capability
ok: Name/description, included assets, scaffold script, templates, and plotting utilities all align with a repository-scaffolding HJB solver skill; no unrelated credentials, binaries, or network endpoints are requested.
Instruction Scope
concern: SKILL.md explicitly instructs the agent to run shell copy commands immediately and without asking the user (cp -r <SKILL_DIR>/assets/src/. <slug>/src/ and similar). That directs the agent to write files into the user's repository root and could overwrite existing files; it's an intrusive filesystem operation performed without user confirmation. The scaffold script included is more cautious, but the SKILL.md commands (and the hard requirement to execute them immediately) give the agent broad, automatic write privileges.
Install Mechanism
ok: No install spec is present (instruction-only with bundled assets). This is low-risk relative to remote downloads or executing third-party installers; assets are bundled in the skill and no archive downloads or URL fetches are required.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. The code uses only local filesystem paths and standard Python/TensorFlow libs; requested runtime access is therefore proportionate to the stated task.
Persistence & Privilege
note: always:false and no persistent installation are used. However, the instructions give the agent explicit authority to modify the user's repo (create/copy files) automatically. While not an elevated platform privilege flag, this behavior should be considered when allowing autonomous invocation.