Skill v0.1.0

ClawScan security

Kuren · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 9, 2026, 10:09 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it documents and requires a single CLI binary (kuren) and its instructions match the described identity/email functionality; nothing requested is disproportionate to that purpose.
Guidance
This skill appears coherent and does what it says: it wraps a kuren CLI that gives an agent an identity and @agent.kuren.ai email. Before installing: verify the kuren crate/source (crates.io project, GitHub repo or vendor) and consider pinning a specific version; review its code or vendor reputation because `cargo install` compiles and runs third‑party code on your machine. Protect the local key directory (~/.kuren) and back it up as the docs warn. If you are uncomfortable letting a third‑party CLI access network/email on your host, test it first in a container or VM. If you need help auditing the kuren crate or its network endpoints, I can list concrete checks to perform.
Findings
[no_code_files_to_scan] expected: This is an instruction-only skill; the static scanner had no code to analyze. The primary runtime behavior depends on an external kuren binary installed via cargo.

Review Dimensions

Purpose & Capability
ok: Name/description (agent identity, email, messaging) align with the runtime instructions and required binary. Requiring a kuren CLI is appropriate for a CLI-driven integration that issues and reads mail and messages.
Instruction Scope
ok: SKILL.md only instructs use of the kuren CLI (signup, login, send/read email, listen for events, manage notes/profiles). It does not ask the agent to read unrelated files or environment variables, nor to transmit data to unexpected endpoints beyond what the kuren service implies.
Install Mechanism
note: No bundled code files; installation is via `cargo install kuren` (crates.io). This is a reasonable, expected install method for a Rust CLI, but installing arbitrary packages carries execution risk — cargo will compile/run code on the host. Consider this moderate operational risk and verify the crate/source before installing.
Credentials
ok: The skill declares no environment variables or external credentials. It stores keys locally under ~/.kuren, which is expected for a local identity CLI. Requiring no unrelated credentials is proportionate.
Persistence & Privilege
ok: always:false and model invocation allowed (default). The skill does not request persistent platform-wide privileges or modify other skills. Local key storage is normal for the service described.