Skill v3.10.3

ClawScan security

ClawProof Security Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 4:54 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, requirements, and provenance (npx + public npm package/GitHub) align with its stated purpose as a CLI security scanner; nothing requests unrelated credentials or system access, though you should still review the third‑party package before executing it on sensitive systems.
Guidance
This skill appears internally consistent: it documents and instructs use of an npm-distributed CLI to scan skills, packages, prompts, and code. That said, using npx runs code fetched from the public npm registry at the moment of invocation — review the package source (GitHub repo), verify the npm package name and publisher, check recent versions and release notes, and consider pinning to a specific vetted version or auditing the package locally before running it on sensitive systems. If you will use it in automated environments (CI, production), prefer installing a vetted release in a controlled environment, enable reproducible installs (lockfiles), and review any telemetry/privacy policy in the package repository. Finally, the detected prompt-injection pattern appears in documentation/examples (expected), but you may want to manually inspect SKILL.md/README and the upstream repo to ensure nothing in the package uses 'ignore previous instructions' or other bypasses in a way that could alter agent behavior unexpectedly.
Findings
[prompt-injection:ignore-previous-instructions] expected: The phrase 'ignore-previous-instructions' was detected in SKILL.md. Given this skill advertises prompt-injection detection and documents bypass patterns, finding such a pattern in examples/documentation is expected. It should be reviewed to ensure it's explanatory (detection examples) rather than an attempt to manipulate the evaluator, but current context in SKILL.md appears to be documentation and sample inputs for scan-prompt.

Review Dimensions

Purpose & Capability
ok: Name and description claim a CLI security scanner; the SKILL.md consistently instructs running an npm-distributed CLI via npx (scan-skill, scan-prompt, scan-action, etc.). Requiring the npx binary is proportionate and expected. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
ok: Runtime instructions are limited to scanning skills, packages, prompts, and code via the advertised CLI. They do not instruct reading arbitrary system credentials, editing other skills, or sending data to unexpected endpoints. The SKILL.md includes examples of prompt-injection strings (e.g., 'ignore previous instructions') as part of the detection docs; that explains the pre-scan injection signal.
Install Mechanism
note: This is an instruction-only skill that tells users to run 'npx agent-security-scanner-mcp' or 'npm install -g'. That means it will execute code retrieved from the public npm registry at runtime — a common pattern for CLIs but carries the usual supply-chain risk of running third-party packages. No obscure download URLs are used in the SKILL.md; the homepage and npm links point to GitHub and npm.
Credentials
ok: The skill declares no required environment variables or credentials. The SKILL.md does not request access to unrelated secrets or system config. The absence of env/credential requests is proportionate to a read-only/analysis CLI.
Persistence & Privilege
ok: The skill does not request always:true, nor does it claim to modify other skills or system-wide agent settings. It's an on-demand tool invoked via CLI; allowing autonomous model invocation is the platform default, but the skill does not request elevated persistence.