Skill v1.0.0
ClawScan security
Error Monitoring Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 12:49 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's README-style instructions expect a Node CLI (monitor.js) plus privileged monitoring and auto-remediation actions, but the package ships no code, no install steps, and no credential declarations. The description and the artifact do not match, and installing it blindly invites unsafe assumptions about what will run and what access it needs.
- Guidance
- This skill is a template-like specification rather than a complete implementation. Before installing or trusting it:
  1) Ask the publisher for the monitor.js implementation or an official release URL and an install script, so the code can be inspected.
  2) Require an explicit list of the credentials needed (Slack, PagerDuty, cloud/deploy) and the minimum privilege scope for each; do NOT hand over blanket org or cloud credentials.
  3) Verify how auto-resolution is authorized: who approves restarts and rollbacks, and where those approvals are recorded.
  4) If you must test it, do so in an isolated sandbox with read-only access to a limited set of logs and no permission to modify production systems.
  5) Prefer skills that ship a transparent install mechanism (a pinned release or repository) and declare their environment variables and permissions explicitly.
  Given the mismatch between description and content, treat this skill as incomplete and grant it no production credentials or privileges.
- Findings
[NO_SCAN_MATCHES] expected: The static scanner found no code to analyze. That is expected for an instruction-only skill, but it removes a major source of evidence about what would actually run.
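The NO_SCAN_MATCHES finding and guidance steps 1, 2 and 5 amount to one mechanical question: does the artifact ship what SKILL.md says will run, and does the manifest declare the secrets the instructions imply? The following is an added example of that consistency check, not ClawHub's scanner code. The package layout (a dict of path to content holding SKILL.md and an optional skill.json manifest with `requiredEnv` and `requiresApproval` fields) is an assumption, and the sample package is constructed to resemble the situation this report describes.

```python
"""Consistency check between a skill's SKILL.md and the artifact it ships.

Added example, not ClawHub's own scanner. The package layout and the
skill.json manifest fields ("requiredEnv", "requiresApproval") are assumed.
"""
import json
import re

# Mentions of these integrations imply a credential the manifest should declare.
INTEGRATION_HINTS = {
    "slack": "SLACK_* webhook or bot token",
    "pagerduty": "PAGERDUTY_* routing key",
    "smtp": "SMTP_* host and credentials",
}

# Verbs that change system state; an implementation needs an approval path for them.
REMEDIATION_VERBS = ("restart", "rollback", "roll back", "auto-resolve", "apply-approved")

# `node monitor.js`, `python3 x.py`, `bash run.sh` written into the instructions.
SCRIPT_RE = re.compile(r"\b(?:node|python3?|bash|sh)\s+([\w./-]+\.(?:js|py|sh))")
# $VAR or ${VAR} references in the instructions.
ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]+)\}?")


def check_skill(package: dict) -> list:
    """Return {"id", "detail"} findings for one skill package (path -> content)."""
    skill_md = package.get("SKILL.md", "")
    manifest = json.loads(package["skill.json"]) if "skill.json" in package else {}
    declared_env = set(manifest.get("requiredEnv", []))
    shipped_code = set(package) - {"SKILL.md", "skill.json"}
    lower = skill_md.lower()
    findings = []

    # 1. Instruction-only skill: nothing for a static scanner to analyze.
    if not shipped_code:
        findings.append({"id": "NO_CODE", "detail": "package ships no code files"})

    # 2. Every script the instructions invoke must be present in the artifact.
    for script in sorted(set(SCRIPT_RE.findall(skill_md))):
        if script not in package:
            findings.append({"id": "MISSING_SCRIPT", "detail": script})

    # 3. Every env var the instructions reference must be declared.
    for var in sorted(set(ENV_RE.findall(skill_md))):
        if var not in declared_env:
            findings.append({"id": "UNDECLARED_ENV", "detail": var})

    # 4. Integrations named in prose imply credentials the manifest should list.
    for hint, expected in INTEGRATION_HINTS.items():
        if hint in lower and not any(hint.upper() in v for v in declared_env):
            findings.append({"id": "IMPLIED_CREDENTIAL", "detail": f"{hint}: expected {expected}"})

    # 5. State-changing actions described without a declared approval requirement.
    if any(v in lower for v in REMEDIATION_VERBS) and not manifest.get("requiresApproval"):
        findings.append({"id": "STATE_CHANGING_ACTION",
                         "detail": "remediation described, requiresApproval not set"})

    return findings


def verdict(findings: list) -> str:
    """Collapse findings to the scanner's coarse verdict: any mismatch is suspicious."""
    return "suspicious" if findings else "clean"


# Constructed sample resembling the reviewed skill: instructions only, no code.
SAMPLE_PACKAGE = {
    "SKILL.md": """# Error Monitoring Agent
Start the watcher with `node monitor.js --watch /var/log/app`.
Alerts are delivered to Slack and PagerDuty using $SLACK_WEBHOOK_URL.
Run `node monitor.js --auto-resolve` to restart or rollback failing services.
""",
    "skill.json": json.dumps({"always": False, "requiredEnv": []}),
}

# Constructed counter-example: the same claims, but backed by code and declarations.
CLEAN_PACKAGE = {
    "SKILL.md": "Run `node monitor.js` and post to Slack via $SLACK_WEBHOOK_URL.",
    "monitor.js": "console.log('placeholder implementation');",
    "skill.json": json.dumps({"requiredEnv": ["SLACK_WEBHOOK_URL"]}),
}

if __name__ == "__main__":
    for f in check_skill(SAMPLE_PACKAGE):
        print(f"[{f['id']}] {f['detail']}")
    print("verdict:", verdict(check_skill(SAMPLE_PACKAGE)))
```

The check is deliberately crude (regexes over prose), which is the point: every finding it raises is a question the publisher should be able to answer with a file or a manifest field, and a skill that cannot satisfy it should not receive credentials.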
Review Dimensions
- Purpose & Capability
- concern: The skill claims to provide real-time monitoring, aggregation, alerting, analysis, and auto-resolution, but the package contains no code and no install spec. The examples call 'node monitor.js' and reference integrations (Slack, PagerDuty, email) and remediation actions (restart, rollback) that would require additional binaries, access, and credentials, none of which are declared.
- Instruction Scope
- concern: SKILL.md gives concrete CLI commands and describes reading logs, correlating deploy logs and config changes, and auto-resolving issues. Those instructions implicitly require access to system or cluster logs, deployment tooling, and external alerting channels, yet give no guidance on how that access is obtained, scoped, or authenticated. The instructions are also open-ended (e.g., 'auto-investigate', 'apply-approved'), granting broad discretion without safety guards.
- Install Mechanism
- concern: There is no install spec and there are no code files, yet this instruction-only skill expects a 'monitor.js' Node program to exist. Either the implementation and install steps were omitted (suspicious) or the skill is purely a template. Without an install mechanism there is no way to validate what would actually run.
- Credentials
- concern: The skill declares no required environment variables or credentials, yet its stated capabilities imply service credentials (Slack, PagerDuty, email SMTP, cloud provider or deployment credentials) and access to logs and configs. The absence of declared secrets is inconsistent with the description and dangerous if callers assume none are needed.
- Persistence & Privilege
- concern: The always flag is false (good), but the documented auto-resolution features imply actions that change system state (restarts, rollbacks, retries). Those operations require elevated privileges and a clear authorization flow, and the skill provides neither. The default allowance for autonomous invocation combined with vaguely specified auto-remediation raises the risk if this specification is later paired with an implementation.
