Skill v0.2.0
ClawScan security
Skill Compiler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 12:51 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (compile SKILL.md into runtime artifacts) is plausible, but the runtime instructions reference local scripts and binaries that are not included or declared consistently in the package, creating an incoherent and risky install/run expectation.
- Guidance: This package appears incomplete: SKILL.md refers to scripts (check-env, compile-skill, compile-all, exe) and required binaries (mdquery, toon) that are not included or declared in the registry metadata. Before installing or running: (1) inspect the referenced scripts in the repository (skills/public/skill-compiler/scripts/*) — do not run them until you can review their contents; (2) verify where the listed helper binaries come from and whether they are already on your system or need to be installed from trusted sources; (3) run the compiler only in a sandbox or non-production checkout to avoid unintended writes across ./skills; (4) if you got this from a registry listing, ask the publisher why the package lacks the scripts it references or obtain a complete release (scripts + checksums) from a trusted homepage. The inconsistencies could be an innocuous packaging omission, but they also make the skill's behavior unclear — treat it as suspicious until you can validate the missing components.
Review Dimensions
- Purpose & Capability (concern): The skill claims to 'compile' SKILL.md using scripts under skills/public/skill-compiler/scripts, and its SKILL.md frontmatter lists required bins (bash, mdquery, jq, toon). However, the package contains no scripts or binaries and the registry metadata lists no required binaries or env vars — this mismatch means the skill cannot perform its claimed purpose as provided and raises questions about where the required tooling lives.
- Instruction Scope (concern): The runtime instructions instruct the agent to run local scripts to check the environment, compile a specific SKILL.md, and compile all SKILL.md files under ./skills — operations that will read and write many repository files. That file-system scope is consistent with a compiler, but the referenced scripts (check-env, compile-skill, compile-all, exe) are not present in the file manifest, so the instructions are incomplete and could cause the agent to try to run non-existent commands or to search for external tooling.
- Install Mechanism (ok): There is no install spec (instruction-only), which is low-risk from an installation/extraction perspective. The absence of an installer reduces the chance of arbitrary code being downloaded as part of an install, but it also means the skill as packaged is incomplete.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The SKILL.md frontmatter lists 'network: false' and 'secrets: []', which aligns with a local compile tool and does not ask for unrelated credentials.
- Persistence & Privilege (note): The skill does not request always:true and does not claim autonomous privileges. It does describe writing artifact files (SKILL.struct.json, SKILL.toon) into the repository, which is expected for a compiler but is a file-write capability the user should be aware of before running.
