Skill v1.0.0

ClawScan security

Deployment Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 12:49 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared purpose (automated deployments) is plausible, but the runtime instructions expect a local Node script (deploy.js), environment credentials, and tooling that are not declared or provided — this mismatch is concerning and needs clarification before use.
Guidance
This skill is instruction-only but expects a local 'deploy.js' Node CLI and various credentials that are not declared or provided. Before installing or invoking it: (1) ask the author where deploy.js comes from and request the source code or a vetted install method; (2) verify which cloud/cluster and notification credentials are required and avoid supplying broad account keys until you inspect the code; (3) run any provided deploy tooling in a sandbox or staging environment first; (4) if you cannot get a clear provenance for deploy.js, do not run the commands on production systems. If you want a safe assessment, request the deploy.js source or an explicit install specification and a list of required credentials.

Review Dimensions

Purpose & Capability
concern: The SKILL.md expects running 'node deploy.js' and other deployment commands, implying Node.js and a deploy.js implementation (and likely cloud/cluster credentials). However, the skill declares no required binaries, no install spec, and no credentials. That mismatch suggests the skill is incomplete or assumes access to external code/config that is not supplied.
Instruction Scope
concern: The instructions direct the agent to run local CLI commands (node deploy.js ...) and reference local config files (.healthcheck.json). Those commands could execute arbitrary code or perform destructive operations. The SKILL.md does not limit scope, does not specify where deploy.js comes from, nor does it constrain what external endpoints are contacted (cloud providers, Slack, PagerDuty).
Install Mechanism
concern: There is no install spec and no code files provided. For a full deployment pipeline this is unexpected: either the skill should provide the deploy.js implementation or declare an install method to fetch it. The absence of an install step combined with command-based instructions is incoherent.
Credentials
concern: The workflow clearly requires credentials (cloud provider, cluster/SSH, notification services like Slack/PagerDuty/email), but requires.env and primary credential are empty. The skill neither requests nor documents the credentials it will need, which is a mismatch and a potential security risk if the agent attempts to use existing system credentials implicitly.
Persistence & Privilege
ok: The skill does not request always:true, does not list install actions, and does not claim to modify other skills or global agent settings. Its persistence/privilege profile is minimal as published.