Skillv1.0.0

ClawScan security

CLI-Hub Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 17, 2026, 10:04 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's description and command list are coherent for a 'CLI hub', but it directs installing an unverified third‑party pip package and lists many tools (some requiring credentials or elevated install privileges) without providing provenance — this mismatch raises concern.
Guidance: This skill is essentially documentation that tells you to pip-install a third‑party package that will download and install many other CLIs. Before installing or running it: 1) verify the package's provenance (PyPI project page, source repo, maintainer, recent activity); 2) inspect the package code or repository for unexpected network or privilege actions; 3) prefer running the installer in a sandbox or container and avoid running pip install as root; 4) be prepared that some subtools will request cloud/API credentials — only provide those after verifying each tool; 5) if you can't verify the package source, treat the pip install as risky and avoid installing.

Review Dimensions

Purpose & Capability: noteName/description (a hub to install many CLIs) matches the SKILL.md content and the listed tools. The broad range of CLIs (browser automation, cloud, AI, video, etc.) is consistent with a multi-tool installer.
Instruction Scope: concernSKILL.md tells users/agents to run 'pip install cli-anything-hub' and to use 'cli-hub install <name>' to fetch many tools. Those instructions will cause arbitrary code download and execution outside the agent (via pip) and may trigger further installs that need elevated permissions or secrets. The doc also asserts an installed path (/usr/local/bin/cli-hub) despite no install metadata — an unexplained claim.
Install Mechanism: concernThere is no formal install spec in the skill metadata, but the runtime instructions instruct installing a third‑party pip package (cli-anything-hub). Installing an unverified package via pip pulls code from the network and is a high-risk operation unless the package/repository provenance is known. No homepage, source repo, or checksum is provided for verification.
Credentials: noteThe skill declares no required environment variables, yet the listed subtools include services that commonly require credentials (AWS CLI, ollama, Novita, etc.). Not declaring any credential requirements is not itself malicious, but it means installs invoked by this hub will likely prompt for or later require sensitive credentials — users should expect that and verify each subtool separately.
Persistence & Privilege: okThe skill is not always-enabled, is user-invocable, and does not request persistent platform privileges in its metadata. It does not itself try to modify other skills or system settings according to the manifest.