Skill v0.3.3
ClawScan security
dada · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 28, 2026, 11:39 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's documentation, package metadata, and runtime instructions are internally consistent with a hosted backend CLI for agents; the main risks are normal supply‑chain/network use (npx or downloading a binary) and storing a local keypair for authentication.
- Guidance: This skill appears to do what it says: it documents a CLI that talks to a hosted backend and uses a locally stored Ed25519 keypair for authentication. Before installing or running the CLI, consider: (1) npx will download and execute code from the npm registry — review the @usedada/cli package source (or prefer a GitHub release binary you inspected); (2) understand where the hosted service stores your data and webhooks (retention, encryption, who can access it); (3) the login creates a private key on disk — treat it like a secret and avoid running the CLI as a privileged/system user; (4) verify the GitHub repo and usedada.dev site to confirm vendor identity and release integrity. If you want higher confidence, ask the publisher for hashes/signatures of release binaries, the CLI source, and a privacy/security policy describing data handling. Additional artifacts (the actual CLI code or release hashes) would raise confidence to high.
Review Dimensions
- Purpose & Capability (ok): The name/description (hosted backend for agents) matches the CLI commands in SKILL.md: project/table/record management, webhooks, file hosting primitives and collaboration. The included package.json points to the same project/author and does not request unrelated capabilities.
- Instruction Scope (note): SKILL.md instructs the agent/user to install/run a remote CLI (npx @usedada/cli or a GitHub release) and to run commands that create/modify project state and webhooks. It documents that 'dada login' creates an Ed25519 keypair stored locally — expected for authentication but a sensitive artifact. The instructions do not ask the agent to read unrelated files, environment variables, or system configs beyond creating a local keypair and invoking networked CLI commands.
- Install Mechanism (note): There is no bundled install spec in the skill; SKILL.md directs users to npx (npm) or GitHub Releases. Fetching and executing remote code via npx or an arbitrary release binary is a supply‑chain/runtime risk but is consistent with a CLI distributed via npm or releases. No install artifacts are included in the skill itself.
- Credentials (ok): The skill declares no required environment variables or external credentials. The CLI uses a locally generated Ed25519 keypair for identity, which is proportional to a hosted service login. There are no requests for unrelated credentials or system secrets in the SKILL.md.
- Persistence & Privilege (ok): The skill is not always‑enabled and is user‑invocable; it does not request persistent platform privileges. The only local persistence described is the login keypair stored on disk, which is reasonable for a CLI that authenticates to a hosted service.
