Skill v1.0.2
ClawScan security
sentinel_download · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 12:51 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with a STAC-based Sentinel imagery downloader. Nothing requests unrelated credentials or installs opaque third-party binaries, though the scripts will download data and may install Python packages via pip.
- Guidance: This appears to be a legitimate STAC-based Sentinel downloader, but take these precautions before running it:
  1. Run the scripts in a Python virtual environment (or a container) so the auto-install step cannot modify the global site-packages.
  2. Test with small --limit values and a small bbox to confirm behavior before starting large downloads.
  3. Verify the STAC API endpoint you use. The downloader fetches whatever asset hrefs the /search response returns, so pointing --stac-api at an untrusted server lets that server make the tool download files from arbitrary hosts.
  4. Ensure you have sufficient disk space and bandwidth; downloads may be large.
  5. If you need access to protected data sources, supply credentials manually and review or extend the code to handle authentication securely; the skill currently does not manage secrets.
  6. Review the included sentinel-download.py if you want to confirm there is no additional telemetry or hidden network behavior. The provided code shows only the expected STAC /search POST and asset GET requests.
Review Dimensions
- Purpose & Capability (ok): Name/description match the delivered files and behavior: the scripts query STAC endpoints and download assets. The declared default STAC endpoints (Microsoft Planetary Computer, AWS Earth Search) are appropriate for the stated purpose. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (note): SKILL.md and the bash wrapper instruct the agent to run the included Python script, which posts to a STAC /search endpoint, parses the results, and downloads the returned asset URLs to disk. This stays within the stated purpose. Two things to note: the tool can download large files and writes them to the filesystem, and it accepts a custom --stac-api, so if the user points it at an arbitrary or malicious STAC endpoint it will download assets from whatever hosts that endpoint returns. The scripts also attempt to pip-install dependencies if they are missing (global installs unless a virtualenv is active).
- Install Mechanism (note): No formal install spec in the registry; this is instruction/code-only. Dependencies are installed via pip as documented, and the bash wrapper auto-installs missing Python packages. This is common but performs network fetches and writes to disk (global Python package installation unless the user uses a virtualenv). The package itself contains no downloads from obscure URLs and no archive extraction.
- Credentials (ok): The skill declares no required environment variables or credentials, which matches the code. The README notes that some data sources may require registration; the tool neither embeds nor requests secrets. Users who need authenticated STAC access would have to supply credentials separately, which the skill does not handle.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or system-wide agent settings. Its persistent effects are limited to installing Python packages (if the user runs check/install) and writing downloaded imagery to the chosen output directories.
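Guidance item 3 and the Instruction Scope note both come down to the same risk: the asset hrefs in a STAC /search response are controlled by whoever runs the endpoint, and the downloader GETs them as-is. The pre-download check below is an added example written for this page; it is not code from the skill or from ClawHub. It parses a constructed ItemCollection and keeps only asset hrefs that use https and resolve to a host on an explicit allowlist, applying --limit before anything is fetched. The host suffixes and the sample response are assumptions made for the example, not the providers' documented asset hosts; replace them with the hosts your STAC provider actually serves from.

```python
"""Pre-download filter for STAC search results (added example, not the skill's code).

Keeps only https asset hrefs whose host is on an operator-supplied allowlist, so an
untrusted --stac-api cannot steer the downloader at arbitrary hosts.
"""
import json
from urllib.parse import urlsplit

# Assumed host suffixes for the example; substitute your provider's real asset hosts.
TRUSTED_HOST_SUFFIXES = (
    "blob.core.windows.net",   # assumption: Planetary Computer asset storage
    "amazonaws.com",           # assumption: Earth Search S3-backed assets
)

# Constructed STAC ItemCollection: item 1 is clean, item 2 mixes an off-allowlist
# host, a plain-http href and one acceptable asset.
SAMPLE_SEARCH_RESPONSE = json.dumps({
    "type": "FeatureCollection",
    "features": [
        {"id": "S2A_tile_1", "assets": {
            "B04": {"href": "https://sentinel2.blob.core.windows.net/x/B04.tif"},
            "B08": {"href": "https://sentinel2.blob.core.windows.net/x/B08.tif"}}},
        {"id": "S2A_tile_2", "assets": {
            "B04": {"href": "https://evil.example.net/payload.bin"},
            "B08": {"href": "http://sentinel2.blob.core.windows.net/x/B08.tif"},
            "thumb": {"href": "https://sentinel-cogs.s3.us-west-2.amazonaws.com/t/thumb.jpg"}}},
    ],
})


def host_is_trusted(host, suffixes=TRUSTED_HOST_SUFFIXES):
    """True if host equals a suffix or is a subdomain of it.

    The leading '.' in the endswith check is what stops 'evilblob.core.windows.net'
    and 'blob.core.windows.net.evil.com' from passing.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def select_downloads(search_json, want_assets, limit, suffixes=TRUSTED_HOST_SUFFIXES):
    """Split requested assets into (accepted, rejected) lists of
    (item_id, asset_key, href, reason) tuples without performing any network I/O."""
    accepted, rejected = [], []
    items = json.loads(search_json).get("features", [])[:limit]  # honour --limit first
    for item in items:
        assets = item.get("assets", {})
        for key in want_assets:
            asset = assets.get(key)
            if asset is None:
                rejected.append((item["id"], key, None, "asset missing"))
                continue
            href = asset.get("href", "")
            parts = urlsplit(href)  # .hostname strips userinfo and port, lowercases
            if parts.scheme != "https":
                rejected.append((item["id"], key, href, "non-https scheme"))
            elif not parts.hostname or not host_is_trusted(parts.hostname, suffixes):
                rejected.append((item["id"], key, href, "host not on allowlist"))
            else:
                accepted.append((item["id"], key, href, "ok"))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = select_downloads(SAMPLE_SEARCH_RESPONSE, ["B04", "B08", "thumb"], limit=10)
    for item_id, key, href, _ in ok:
        print(f"would download {item_id}/{key}: {href}")
    for item_id, key, href, reason in bad:
        print(f"skipped {item_id}/{key} ({reason}): {href}")
```

Run the filter over the real /search response before handing hrefs to the download loop; anything in the rejected list with reason "host not on allowlist" is the signal that the endpoint you pointed --stac-api at is not returning what you expected.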
