Skill v1.2.14
ClawScan security
Kontour Travel Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 20, 2026, 5:01 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (offline travel planning using bundled data) matches most visible artifacts, but several included scripts were not shown in the review and could contain network or dynamic execution. Review them before installing.
- Guidance: This skill appears coherent with its offline travel-planning purpose: it bundles static reference data and uses bash/python3 scripts to produce JSON, Google Maps links, and KML. However, two non-trivial runtime scripts (scripts/plan.sh and scripts/gen-airports.py) were not shown in full; before installing or running, do the following:
  1. Inspect the full contents of scripts/plan.sh and scripts/gen-airports.py for any network calls (curl, wget, requests, urllib, sockets), for use of eval/exec/subprocess/os.system, or for reading unexpected files.
  2. Run the author-provided checks from the SKILL.md (the ripgrep command and scripts/socket-review-check.sh) in a safe sandbox.
  3. Search the codebase yourself: rg -n "curl|wget|http://|https://|socket|requests|urllib|subprocess|os\.system|eval\(|exec\(|popen|import socket"
  4. If you cannot review the files, run the skill in an isolated environment (container or VM) with no network access.
  5. Note that references/booking-integrations.json contains external API endpoints as planned integrations (documentation only) and embed-snippets include marketing links to kontour.ai; these are informational, not required for core functionality.
  If those checks show no outbound network or dynamic execution, the skill is reasonable to use; if you find unexpected network calls or code executing external commands, treat it as potentially malicious and do not install.
Review Dimensions
- Purpose & Capability (ok): Name/description align with the required binaries (bash, python3) and the presence of static reference data; no credentials or config paths are requested, which is consistent with an offline planner.
- Instruction Scope (note): SKILL.md explicitly instructs offline/local execution and documents outputs and safety checks. export-gmaps.sh and the KML code are visible and are local-only. However, plan.sh and gen-airports.py (large files listed) were truncated in the supplied content; those runtime scripts could broaden scope (network calls, subprocess usage, reading unexpected files). SKILL.md recommends running a regex smoke-check and includes socket-review-check.sh, which is helpful, but the unseen scripts must be inspected.
- Install Mechanism (ok): Instruction-only skill (no install spec). No downloads or installers are declared and scripts are intended to be run locally, which is low-risk. Code files are bundled with the skill rather than pulled from arbitrary URLs.
- Credentials (ok): The skill requires no environment variables or credentials. The bundled reference JSON includes external API endpoints and marketing links as documentation/roadmap only; these are not presented as required runtime integrations.
- Persistence & Privilege (ok): always is false, the skill does not request elevated presence, and there are no instructions to modify other skills or system-wide agent settings in the visible content.
