Skill v1.0.0

ClawScan security

nmap MCP server for AI-assisted network security auditing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 4, 2026, 9:37 PM)
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code, documentation, and runtime instructions are consistent with an nmap MCP wrapper for scoped network scanning; its requirements and behaviors match the stated purpose, though there are a few operational notes you should be aware of before installing.
Guidance
This skill is coherent with its stated purpose (an nmap MCP wrapper) and includes sensible safeguards (CIDR allowlist, target validation, audit logging, injection guards). Before installing:
1) Confirm you actually want an on-host nmap service (it will execute nmap subprocesses and write scan results/audit logs to disk).
2) Review and tighten config.yaml allowed_cidrs to your precise scope — do not leave broad RFC1918 ranges enabled in shared environments.
3) Understand the host change required: granting cap_net_raw to the nmap binary (setcap) is necessary for SYN/ARP/OS scans and should be applied only if you trust this code and the environment.
4) Protect the scan and audit directories (they may contain sensitive host/service info).
5) Note the metadata mismatch (registry says no required binaries / instruction-only while the code requires nmap and Python packages) — installation is manual.
If you want stronger assurance, run the bundled tests locally (they exercise scope enforcement, logging, persistence, and injection guards) and audit server.py end-to-end for any remaining truncated functions before deploying on production hosts.

Review Dimensions

Purpose & Capability
note: The skill is an nmap MCP server and the included server.py, tests, README, and SKILL.md implement that functionality (scope enforcement, audit logging, scan persistence, and structured JSON output). Minor metadata mismatch: registry lists 'required binaries: none' and 'instruction-only', but the SKILL.md and code clearly require nmap and Python packages (fastmcp, python-nmap, pyyaml). This is explainable (install left to the user) but worth noting.
Instruction Scope
ok: SKILL.md and server.py limit actions to scanning with nmap, scope checks, logging, and persistence. Instructions explicitly require configuring allowed CIDRs and warn about granting cap_net_raw only to nmap. The code includes input validation, hostname resolution with 'fail closed' behavior, and an injection guard for custom flags. No instructions or code paths were found that read unrelated system secrets or exfiltrate data to external endpoints.
Install Mechanism
note: No install spec is provided (the skill is treated as instruction-only), which is lower risk but means the user must run pip install and configure mcporter/clawhub manually. The README and SKILL.md instruct pip install of dependencies and setcap on nmap; dependencies come from PyPI (requirements.txt). No unusual download URLs or archive extraction are used.
Credentials
ok: The skill does not request credentials or sensitive environment variables. It uses a single optional NMAP_CONFIG env var to point to config.yaml (documented). It persists scans and audit logs to local disk as expected for this tool; these files will contain scan outputs and should be protected accordingly.
Persistence & Privilege
note: The skill persists scan results and an audit log to disk (SCAN_DIR and AUDIT_LOG) and therefore requires filesystem write access to its working directory. It also requires granting the cap_net_raw capability to the nmap binary for SYN/OS/ARP scans — a privileged operation that the README documents and justifies, but which increases host attack surface if misused. 'always' is false and autonomous invocation is allowed (platform default).