Skillv1.2.1

ClawScan security

Version Drift Publish · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 16, 2026, 10:01 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (checking installed vs latest versions across local, SSH and HTTP targets); it is powerful but coherent with that purpose.
Guidance: This skill is coherent with its stated purpose, but it is powerful: it will run arbitrary shell commands locally and over SSH and will issue HTTP requests to any URL you configure. Before you install or run it: (1) review config.yaml carefully — any command in 'installed' will be executed; (2) keep secrets minimal and put them in environment variables with least-privilege tokens (the script will expand and use any ${VAR} you reference); (3) prefer a non-root SSH user with read-only permissions where possible; (4) be aware it writes a state file (state.json) in the working directory; (5) consider running first in a sandbox or CI runner with limited credentials; (6) if you need stronger SSH host verification, explicitly set strict_host_key in your config instead of using the default accept-new. If you want further checks, provide the full drift.py for deeper code review (the supplied snippet is large but truncated in places).

Review Dimensions

Purpose & Capability: okThe name/description say it will SSH, call HTTP APIs, and run local commands to discover versions; the included config examples and drift.py implement exactly that. No unrelated credentials or binaries are requested.
Instruction Scope: noteSKILL.md and drift.py permit executing arbitrary shell commands on local and remote hosts, fetching arbitrary HTTP endpoints, and saving state to a local file. That is necessary for the stated goal, but it gives the script high power — any command you place in config.yaml will be executed.
Install Mechanism: okThere is no install spec and no remote downloads; this is an instruction-only skill with an included Python script. It optionally uses pyyaml if installed but falls back to JSON. No high-risk installers or external archives are pulled.
Credentials: concernThe skill declares no required env vars but reads environment variables at runtime (expand_env, and optional GITHUB_TOKEN for GitHub API rate limits). config.example.yaml shows placeholders like ${HA_TOKEN} and ${API_KEY}. The skill will expand and use any env var referenced in your config, so it can access secrets you place into environment variables even though none are listed in the metadata.
Persistence & Privilege: noteNot always-included and not auto-installed. The tool writes a local state file (default state.json) to track drift and uses SSH with StrictHostKeyChecking=accept-new by default (trust-on-first-use). Both behaviors are normal for this tool but worth noting for operational security.