Skill v1.0.1

ClawScan security

Code Reputation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 12, 2026, 6:46 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it implements a Raysurfer-backed code cache, only needs a Raysurfer API key, and its code and SKILL.md match that purpose — but it will send any code you explicitly upload to an external service, so avoid uploading secrets or running retrieved code blindly.
Guidance
This skill does what it says: it sends and retrieves code to/from Raysurfer using the RAYSURFER_API_KEY. Before installing or using it: (1) Only provide the RAYSURFER_API_KEY if you trust the Raysurfer service and the account scope matches what you intend. (2) Never upload files that contain secrets (API keys, passwords, private keys) or PII — uploaded files are sent to the external service for caching. (3) When using retrieved code, review it before executing in your environment; cached snippets could contain unsafe operations. (4) The Python 'raysurfer' package is required — install it from PyPI and inspect its code if you have concerns. If you need stronger guarantees, ask for a version that supports client-side redaction or explicit filtering of sensitive content before upload.

Review Dimensions

Purpose & Capability
ok
Name/description (semantic code caching) aligns with the implementation and declared requirement. The skill calls a Raysurfer client, exposes search/files/upload/vote commands, and declares RAYSURFER_API_KEY as the required credential — all of which are expected for a remote code-cache integration.
Instruction Scope
note
SKILL.md and the CLI instruct the agent/user to retrieve, write, and upload code files. The skill writes retrieved files to a cache directory and reads local files you specify when uploading. This is expected for the feature, but it means user files (including any embedded secrets) will be transmitted to Raysurfer when you run upload — the instructions do not attempt to read arbitrary system files without user-specified paths.
Install Mechanism
ok
There is no install spec; the skill is instruction-only and ships a Python CLI that depends on the public 'raysurfer' package. No external downloads or obscure URLs are used. The only install requirement is a standard Python package (raysurfer), which is proportional to the declared functionality.
Credentials
note
Only a single environment variable (RAYSURFER_API_KEY) is required and is the declared primary credential — this matches the skill's purpose. Be aware that this key grants access to the external Raysurfer account, and any code contents you upload will be accessible to that service. Do not store secrets or credentials inside code you plan to upload.
Persistence & Privilege
ok
The skill does not request 'always: true' or any elevated platform privileges. It doesn't attempt to change other skills' configs. Normal autonomous invocation is allowed (disable-model-invocation is false), which is expected for skills; nothing else requests persistent system-level privileges.