Back to skill
Skillv1.0.0
ClawScan security
Tailscale VPN · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 18, 2026, 4:55 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Tailscale install/usage guide and its requirements and instructions are coherent with that purpose.
- Guidance
- This is a straightforward Tailscale installation and usage guide. Before running any install commands: 1) verify URLs (tailscale.com) to ensure they are official; 2) prefer your OS package manager or vendor packages over piping unknown scripts when possible; 3) installs require sudo and will create network interfaces and services (tailscaled); 4) be careful when enabling subnet routes or using an Exit Node — those change what traffic is routed through your devices and may require admin approval; 5) do not provide unrelated credentials to this skill. If you are in a managed environment, consult your admin before installing network software.
Review Dimensions
- Purpose & Capability
- okName, description, and all instructions focus on installing, configuring, and using Tailscale (WireGuard-based VPN). There are no unrelated credential requests, binaries, or config paths.
- Instruction Scope
- noteSKILL.md stays on-topic (install, login, common commands, ACLs, advanced features). It instructs running the official tailscale install script (curl https://tailscale.com/install.sh | sh) and CLI commands; piping a remote script to sh is common for convenience but has inherent risk if the URL were malicious — here the URL is the official domain.
- Install Mechanism
- noteThere is no embedded install spec (skill is instruction-only). The guide recommends official install methods (package managers and the tailscale.com install.sh). This is proportional but the remote-install pipe is the only notable installer action and should be verified before execution.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. All recommended actions (login via browser, sudo for tailscaled) are consistent with installing a system VPN client.
- Persistence & Privilege
- okSkill flags are default (always:false, agent-invocable allowed). It does not request permanent inclusion or modify other skills; instructions involve running a system service (tailscaled) which legitimately requires administrative privileges during install.