Back to skill
Skillv1.0.0
ClawScan security
JSON Query Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 6, 2026, 8:39 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill code and instructions match the stated purpose (a simple CLI JSON query tool); there are no network calls or credential requests and nothing in the files suggests hidden behavior.
- Guidance
- This skill appears to be what it claims: a small, local JSON-query CLI implemented in Python with no networking or credential usage. Before installing or running, consider: 1) the SKILL.md's pip install -e . instruction expects packaging metadata that is not present in the manifest — if you run pip from this source, verify what will be installed or prefer running the script in a virtualenv; 2) the tool reads any file path you give it, so don't let an automated agent call the skill with sensitive file paths (it could print/expose secrets contained in JSON files); 3) as with any code from an unknown source, run the tests and inspect/run the script in an isolated environment (virtualenv or container) before using on sensitive data.
Review Dimensions
- Purpose & Capability
- okName, description, SKILL.md examples, and the provided jsonq.py implementation are consistent: the tool reads a user-supplied JSON file and evaluates simple path expressions, returning raw/json/table output as described.
- Instruction Scope
- okSKILL.md only instructs running the jsonq CLI against a specified <file> and query. The runtime code reads the single file path you pass, parses JSON, and formats output. There are no directives to read other system state, environment variables, or to transmit data externally.
- Install Mechanism
- noteThis is instruction-only (no install spec), which is low-risk. SKILL.md suggests 'pip install -e .' or chmod +x ./jsonq, but the repository manifest does not include packaging metadata (setup.py/pyproject.toml) or a produced jsonq wrapper — minor mismatch between install instructions and included files.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The code does not access os.environ or other secrets — requested privileges are minimal and appropriate for a file-based CLI tool.
- Persistence & Privilege
- okThe skill is not marked always:true and does not attempt to modify agent/system configuration. It does read files provided to it (expected for this tool), so normal caution about what file paths are passed by automated agents applies.