Skill v1.0.0

ClawScan security

Catalog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:35 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill is small and probably benign, but its metadata and instructions are inconsistent (it asks the agent to run `node` without declaring it and documents a `duration` field that the JS file doesn't return).
Guidance
This looks like a harmless, tiny catalog skill, but there are two small inconsistencies you should resolve before installing:

- The SKILL.md tells the agent to run `node {baseDir}/catalog.js`, but the skill manifest does not declare `node` as a required binary. Either ensure the runtime environment has Node available or add `node` to the skill's required binaries.
- SKILL.md states the JSON includes `duration`, but catalog.js returns only `name` and `price`. Decide whether durations should be provided (and update catalog.js) or change the documentation to match the actual output. The skill instructs the agent not to invent values — if the field is absent, the agent must not fabricate it.

Also keep in mind that the Exec Tool will run a local command; confirm you trust running local scripts from this skill. After fixing the two mismatches above, the skill is coherent and low-risk.

Review Dimensions

Purpose & Capability
concern: The skill claims to be a simple catalog and includes a small catalog.js file, which matches the stated purpose. However, the runtime instructions require running `node {baseDir}/catalog.js` but the skill manifest does not declare `node` as a required binary. Also, SKILL.md says the JSON will include `duration`, but catalog.js returns only `name` and `price`. These metadata/instruction mismatches are incoherent and should be fixed.
Instruction Scope
note: SKILL.md explicitly instructs using the Exec Tool to run the local Node script and to only use the returned JSON (do not invent values). The instruction scope is narrow and appropriate for a catalog skill, but it relies on executing a local command (node) — verify that executing local scripts is acceptable in your environment.
Install Mechanism
ok: No install spec and only a tiny JS file are included. Nothing is downloaded or written during install — low risk.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths — consistent with a simple local catalog.
Persistence & Privilege
ok: The skill is not forced-always, is user-invocable, and uses the default autonomous invocation setting. Nothing in the skill requests elevated or persistent platform privileges.