Skill v1.0.0

ClawScan security

Agent Settings Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 12:49 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description claims full config+secret management and git/vault sync, but the instructions are purely examples (node config.js) with no code, no install, and no declared credentials — this mismatch is concerning and needs clarification before trusting it with secrets or configs.
Guidance
This skill reads like documentation for an external config CLI (config.js) rather than a self-contained skill. Before installing or enabling it:
1) Ask the publisher where config.js (or the implementation) comes from and request the code or install spec.
2) Do not supply Vault, git, or cloud credentials until you verify the implementation and trust the owner.
3) Confirm exactly what files/paths the agent will access and whether operations will be logged/audited.
4) If you intend to use secret-rotation or git-sync features, prefer short-lived, least-privilege tokens and test in an isolated environment first.
If the publisher cannot justify the missing code/credential requirements, treat the skill as incomplete and avoid giving it access to sensitive credentials or repositories.

Review Dimensions

Purpose & Capability
Concern: The README-style SKILL.md describes capabilities that require access to git repos, Vault (secrets provider), file system configs, and credentialed APIs. Yet the skill declares no required env vars, no primary credential, and provides no binaries or code. That mismatch suggests the skill is only guidance for an external tool (config.js) rather than a self-contained skill; users expecting the skill to perform those actions without supplying credentials or installing software would be misled.
Instruction Scope
Concern: The instructions show commands that read files (e.g., --file config.json), rotate secrets, scan for leaks, and sync from git. Those operations implicitly require access to local files, version history, networked git repos, and secrets stores. The SKILL.md is open-ended (examples rather than constrained workflows) and does not declare which files/paths or credentials the agent may access, giving broad discretion that could lead to accessing sensitive data.
Install Mechanism
Note: There is no install spec (instruction-only), which is low-risk in terms of writing code to disk. However, the instructions rely on running 'node config.js', which is not provided by the skill. That means the skill cannot actually perform the described operations unless an external CLI/tool is present; this should be made explicit to avoid confusion.
Credentials
Concern: The documentation references a 'vault' secrets provider, git repo sync, and secret rotation, but the skill requests no environment variables or credentials. Managing secrets and rotating keys normally requires vault credentials, git tokens/SSH keys, and possibly cloud creds. The absence of declared required credentials is disproportionate to the claimed functionality.
Persistence & Privilege
OK: The skill does not request always:true, does not provide install-time persistence instructions, and does not declare config paths or system-wide changes. There is no evidence it requests elevated or permanent privileges.