Back to skill
Skillv1.0.0
ClawScan security
Claude Code Controller · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 10, 2026, 3:41 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions and files match a Claude Code controller, but the package metadata omits required environment/config declarations and it references home/system paths and example connectors that raise proportionality and scope questions.
- Guidance
- Before installing or enabling this skill: - Expect it to require an Anthropic API key (ANTHROPIC_API_KEY) and to read/write ~/.claude/* files; the metadata currently does not declare these — treat that as a red flag and confirm with the author. - Inspect and if needed sandbox the included scripts (scripts/launch-claudecode.sh) before running; it will create project/.claude/settings.json and invoke the claude CLI. - Only install @anthropic-ai/claude-code from the official registry and verify package provenance. - Review any MCP/database examples carefully: configuration can launch helper processes (npx ...) that may access databases or filesystem paths — don’t provide DATABASE_URL or broad ALLOWED_PATHS unless you trust the skill. - Avoid placing sensitive keys in project files; keep ANTHROPIC_API_KEY in a secure secret store and verify the skill does not leak it to unexpected endpoints. - If you need higher assurance, run the skill in an isolated environment (container or VM) and require the author/source to provide signed or repository-traceable code and a declared list of required env vars/config paths.
Review Dimensions
- Purpose & Capability
- noteThe skill's name, description, SKILL.md, and the provided launch script consistently implement a controller for Anthropic Claude Code (installing/using the claude CLI, configuring ~/.claude, running tasks). However the metadata claims no required env vars or config paths while the runtime docs and script clearly require ANTHROPIC_API_KEY and rely on ~/.claude files — this discrepancy is unexpected and should be justified.
- Instruction Scope
- concernSKILL.md instructs the agent/user to install and run the claude CLI, create and edit project-level ~/.claude/settings.json, read logs (~/.claude/logs/latest.log) and run claude in interactive/ACP sessions. Those actions are consistent with a controller, but they grant the skill access to user home config, logs, and (via MCP examples) potentially databases or filesystem bridges. The instructions also reference absolute/root-like paths in docs (e.g., /root/.openclaw/workspace) which implies assumptions about environment privileges.
- Install Mechanism
- okThere is no automatic install spec in the skill bundle (instruction-only). SKILL.md recommends installing @anthropic-ai/claude-code via npm (a normal public registry package). The included shell script is simple and does not download arbitrary archives or external payloads. No high-risk download URLs or extract steps are present.
- Credentials
- concernThe metadata declares no required environment variables, yet SKILL.md and scripts require ANTHROPIC_API_KEY and reference other env examples (ANTHROPIC_MODEL, DATABASE_URL in MCP examples). This mismatch is disproportionate and could lead to implicit credential use. The skill also expects to read/write ~/.claude config and logs — access that should be explicitly declared and limited.
- Persistence & Privilege
- okThe skill does not request always:true and does not include install-time mechanisms that modify other skills. The launch script writes a project-local .claude/settings.json if missing; that is normal for a tooling helper. No evidence the skill attempts to change system-wide agent config or persist credentials beyond normal config files.