Skill v98.0.1

ClawScan security

Develop Secure Contracts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 5:22 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and data access are consistent with its stated purpose (integrating OpenZeppelin components into a user's project). It reads project and dependency files, including cache locations under the user's home directory, and refers to optional generator tools, but declares none of those paths or tools in its metadata. Users should be aware of this before enabling it.
Guidance
This skill is coherent with its stated goal: it will read your project files and installed dependency sources (node_modules, the cargo registry cache, Foundry/forge paths), and it may clone canonical repositories or use local generator tools if they are available. Before enabling or running it, consider:
1) Only run it on projects you are comfortable letting the agent read; it will enumerate and open code files and dependency caches.
2) Don't use it on repositories containing private keys, secrets, or proprietary third-party code unless you trust the environment.
3) If you need to restrict its scope, provide a specific project path and deny access to other directories; check the agent's file-access policies.
4) Ask whether the agent will transmit code or diffs externally. The SKILL.md does not instruct exfiltration, but its outputs will include code snippets unless you request otherwise.
If you want higher assurance, ask the skill author to add explicit metadata listing the filesystem paths the skill reads and to document any network operations (cloning) and required helper tools; that would raise confidence in this evaluation.
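A pre-run audit for points 1 and 2 above, added here as an illustration and not part of ClawHub, the scanner, or the skill itself. It enumerates the files the SKILL.md tells the agent to search (the `**/*.sol`, `**/*.cairo`, `**/*.rs` globs and the `node_modules/@openzeppelin/contracts/`, `lib/openzeppelin-contracts/`, `target/` dependency paths named in the review), notes whether the `~/.cargo/registry/src/` cache exists on this machine, and flags files in the project that look like they hold keys or secrets. The secret heuristics (`SECRET_NAME_RE`, `SECRET_CONTENT_RE`) and the sample project tree built in a temp directory are this example's own assumptions, not anything the page or the skill defines.

```python
"""Audit what the OpenZeppelin skill would read before letting the agent run it.

Added example, not code from ClawHub or from the skill. The read scope below
comes from the ClawScan review; the secret heuristics and the sample tree are
this example's own assumptions.
"""
import re
import tempfile
from pathlib import Path

# Globs and dependency directories the SKILL.md instructs the agent to search (from the review).
SOURCE_GLOBS = ("**/*.sol", "**/*.cairo", "**/*.rs")
DEP_DIRS = ("node_modules/@openzeppelin/contracts", "lib/openzeppelin-contracts", "target")
CARGO_CACHE = Path(".cargo/registry/src")  # relative to $HOME; also named in the review

# Heuristics for secret-bearing files: an assumption of this example, tune for your repo.
SECRET_NAME_RE = re.compile(
    r"(^\.env($|\.)|\.pem$|\.key$|keystore|secrets?\.(json|ya?ml)$|mnemonic)", re.I)
SECRET_CONTENT_RE = re.compile(
    r"(PRIVATE[_ ]KEY\s*=|-----BEGIN [A-Z ]*PRIVATE KEY-----|MNEMONIC\s*=)", re.I)


def skill_read_set(root: Path) -> list[str]:
    """Project-relative paths the agent would open under the SKILL.md's search instructions."""
    found: set[Path] = set()
    for pattern in SOURCE_GLOBS:
        found.update(p for p in root.glob(pattern) if p.is_file())
    for d in DEP_DIRS:
        dep = root / d
        if dep.is_dir():
            found.update(p for p in dep.rglob("*") if p.is_file())
    return sorted(str(p.relative_to(root)) for p in found)


def secret_findings(root: Path) -> list[str]:
    """Walk the whole project (the agent can enumerate it) and flag secret-like files."""
    flagged: list[str] = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if SECRET_NAME_RE.search(p.name):
            flagged.append(str(p.relative_to(root)))
            continue
        try:
            head = p.read_text(errors="ignore")[:4096]  # only sniff the start of each file
        except OSError:
            continue
        if SECRET_CONTENT_RE.search(head):
            flagged.append(str(p.relative_to(root)))
    return sorted(flagged)


def home_cache_present() -> bool:
    """True if the cargo registry cache the skill may read exists under $HOME."""
    try:
        return (Path.home() / CARGO_CACHE).is_dir()
    except RuntimeError:  # home directory cannot be resolved in this environment
        return False


def audit(root: Path) -> dict:
    """Summarise read scope and secret exposure; an empty 'secrets' list is the go/no-go check."""
    return {
        "reads": skill_read_set(root),
        "secrets": secret_findings(root),
        "home_cache_present": home_cache_present(),
    }


def build_sample_project(root: Path) -> None:
    """Constructed project tree for the demo; none of these files are real."""
    files = {
        "contracts/Token.sol": "pragma solidity ^0.8.20;\n"
                               "import '@openzeppelin/contracts/token/ERC20/ERC20.sol';\n",
        "src/lib.rs": "pub fn placeholder() {}\n",
        "node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol": "// vendored copy\n",
        "deploy/config.json": '{"rpc": "http://localhost:8545"}\n',
        ".env": "PRIVATE_KEY=0x00\n",          # constructed secret, flagged by name
        "script/deployer.key": "not-a-real-key\n",  # constructed secret, flagged by name
    }
    for rel, body in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)


def run_demo() -> dict:
    """Build the sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_project(root)
        return audit(root)


if __name__ == "__main__":
    report = run_demo()
    print("skill would read:", *report["reads"], sep="\n  ")
    print("secret-like files:", *report["secrets"], sep="\n  ")
    print("cargo cache under $HOME:", report["home_cache_present"])
```

Point the audit at your real checkout instead of the sample tree (`audit(Path("/path/to/project"))`) and treat a non-empty `secrets` list as a reason to move the material out of the tree, or to deny the agent that directory, before enabling the skill. The `reads` list is also what you would compare against any path allow-list you configure for point 3.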

Review Dimensions

Purpose & Capability
ok
The name and description (OpenZeppelin integration and secure contract development) match the runtime instructions: the SKILL.md repeatedly instructs the agent to inspect project source, dependency code, and library docs, and to prefer library components over custom code. Reading imports, node_modules, forge/lib paths, and cargo caches is appropriate for this purpose.
Instruction Scope
note
The instructions require the agent to search and read the user's project files (e.g., **/*.sol, **/*.cairo, **/*.rs) and dependency sources (node_modules/@openzeppelin/contracts/, lib/openzeppelin-contracts/, ~/.cargo/registry/src/, target/). They also instruct cloning or browsing canonical repositories and optionally invoking external MCP generator tools if available. That scope is reasonable for library-first integration, but it means the agent will access project files and certain home-directory caches and may perform network operations to clone repositories; the SKILL.md neither documents limits on these reads and operations nor asks for consent before performing them.
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code files. That is the lowest-risk installation model and is consistent with the described behavior.
Credentials
note
The skill requests no environment variables or credentials (good). However, the instructions reference specific filesystem locations (project directories, node_modules, the cargo cache under the user's home directory) even though 'required config paths' is empty. This is a transparency gap: the skill will read user files but does not declare those paths in its metadata.
Persistence & Privilege
ok
always:false, and no install actions are requested. The skill does not ask to persist configuration or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with any other elevated privilege.