Skill v1.0.0

ClawScan security

Automated Code Reviewer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 12:49 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions expect running node-based review scripts and accessing repositories, but the package declares no install steps, no required binaries, and no credentials — these mismatches make the skill internally inconsistent.
Guidance
This skill's description and runtime examples expect a Node-based review tool (review.js) and access to repositories/PRs, but the package provides no code, no install steps, and no credentials. Before installing or enabling it:
1) Ask the publisher for the review.js source or a trustworthy install mechanism (repo, GitHub release, or package).
2) Require that the skill declare necessary binaries (e.g., node) and any env vars (e.g., GITHUB_TOKEN) it needs.
3) Do not grant repository credentials until you can inspect the tool code or run it in a sandbox; the skill as written would be able to read your codebase.
4) Prefer skills with a verifiable source/homepage.
If the author provides the review.js implementation and a clear install/permission model, re-evaluate; that information would likely change this assessment to benign.

Review Dimensions

Purpose & Capability
concern: The SKILL.md describes running commands like `node review.js analyze --pr ...` and scanning repository source. That legitimately requires Node and a review.js implementation plus access to repositories/PRs. The registry metadata declares no required binaries, no install, and no source/homepage; this does not align with the stated capability.
Instruction Scope
concern: Instructions direct the agent to analyze diffs, run static/security/performance scans, and read source paths (e.g., ./src). That's within the claimed purpose, but the SKILL.md implicitly assumes availability of specific scripts and repository access. It does not document where review.js comes from, how PRs are authenticated, or what local/remote paths will be read.
Install Mechanism
note: There is no install spec (instruction-only). That is lower risk in general, but here it's unexpected: the skill references running Node scripts yet gives no guidance to install Node or the review tool. Lack of an install mechanism combined with references to an executable script is an inconsistency.
Credentials
concern: The skill declares no required environment variables or primary credential, but its examples (analyzing PRs, accessing repos) normally require repository credentials (e.g., GITHUB_TOKEN) and possibly service API keys. The absence of declared env vars is disproportionate to the described network/repo operations.
Persistence & Privilege
ok: The skill does not request always:true and does not declare any persistent system-wide changes. It is user-invocable and allows model invocation (defaults), which is normal and not by itself concerning.