Skill v1.1.0

ClawScan security

QA Architecture Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 5:51 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill does what it claims — a local, zero‑trust QA/codebase analyzer implemented in Python that requires only python3 and git and has no unexplained network or credential requirements.
Guidance
This skill appears internally consistent and implements a local forensic QA analyzer. Before running it: (1) point it at the exact repository path or git URL you intend to analyze (don’t pass root or unrelated directories), (2) be aware that if you analyze a private remote repo git will use your SSH keys or HTTPS token for authentication, and (3) if you have sensitive/proprietary code you may want to inspect scripts/analyze_repo.py yourself (it is included) to confirm behavior. The code shows some minor duplication/inefficiencies but no signs of hidden network calls or credential exfiltration beyond normal git operations. If you need higher assurance, review the full Python script line-by-line or run it in a sandboxed environment first.

Review Dimensions

Purpose & Capability
[ok] The name/description (forensic QA/codebase analysis) aligns with the provided artifacts: a Python analysis script and comprehensive references. Required binaries (python3, git) are reasonable and expected for cloning and local analysis. No unrelated services, env vars, or credentials are requested.
Instruction Scope
[note] SKILL.md limits runtime actions to cloning/fetching a repo and local analysis; the included script's top-level security manifest matches that. One thing to note: the analyzer recursively reads files under the provided path, so if a user points it at a directory other than a repository (e.g., '/'), it will scan those files too. This is expected behavior for a repo analyzer, but users should ensure they pass the intended repo path.
Install Mechanism
[ok] There is no install spec; this is instruction + bundled Python script only (no downloads or archive extraction). That is the lowest-risk install model and consistent with the skill's purpose.
Credentials
[ok] The skill declares no required environment variables or credentials. The SKILL.md and script state outward network usage is limited to git operations (cloning/fetching) when a remote URL is analyzed — this is proportionate to the stated functionality. Private repo auth is user-supplied via git (SSH keys or HTTPS token), which the doc explicitly calls out.
Persistence & Privilege
[ok] The skill does not request permanent 'always' inclusion and does not attempt to modify other skills or system-wide settings. It writes only the specified report file. Autonomous invocation of the skill is allowed by platform defaults but not escalated by the skill itself.