Skill v1.0.0

ClawScan security

Blogwatcher Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:40 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's stated purpose (monitor RSS/blogs) matches what it installs and instructs; it requests no credentials and includes sensible guardrails — the main remaining risk is installing unpinned source from GitHub with `go install @latest`.
Guidance
This skill appears coherent for monitoring blogs: it only needs the blogwatcher CLI and includes reasonable runtime guardrails (confirm destructive actions, avoid adding internal URLs, don't pipe outputs to network endpoints). The main practical risk is the install step: `go install ...@latest` will fetch and compile the latest code from the GitHub repo — consider reviewing the repository, pinning to a specific release/tag or using a prebuilt binary, or installing the CLI manually in an isolated environment before giving the agent permission to run it. Also remember the CLI will make outbound HTTP requests to fetch feeds (expected), so avoid adding internal IP or localhost URLs and confirm any URLs before adding. If you need higher assurance, inspect the upstream source or ask for a signed release/checksum before installing.

Review Dimensions

Purpose & Capability
ok · Name/description, required binary (blogwatcher), and the install target (github.com/Hyaxia/blogwatcher/cmd/blogwatcher) all align with a CLI that monitors blogs and feeds. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
ok · SKILL.md only documents running the blogwatcher CLI (add, blogs, scan, articles, read, read-all, remove) and includes explicit guardrails about destructive commands, URL validation, and prohibiting network exfiltration of subscription data. The instructions do not ask the agent to read unrelated files or secrets.
Install Mechanism
note · Install uses `go install` pointing at a GitHub module (module@latest). This is an expected way to install a Go CLI, but it compiles and runs code fetched from the repo at the time of install and is not pinned to a version or checksum — moderate supply-chain/trust risk. If you want to reduce risk, prefer a pinned release/tag or vetted prebuilt binary.
Credentials
ok · The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a local feed-monitoring CLI.
Persistence & Privilege
ok · The skill is not forced always-on and does not request system-wide configuration or modify other skills. Autonomous invocation is allowed (platform default) but not excessive given the skill's scope.