Skill v1.0.0

ClawScan security

Blucli Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:40 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally coherent: it wraps the blu CLI, asks only for the blu binary (and provides a Go-based install for it), and the runtime instructions are scoped with explicit safety guardrails.
Guidance
This skill appears to do what it says: it needs the 'blu' CLI and offers a Go-based install that builds that binary. Before installing, consider: (1) review the upstream repo (github.com/steipete/blucli) or the homepage to verify maintainership and recent commits; (2) prefer installing a pinned release (not @latest) to reduce supply-chain risk; (3) inspect the built binary or compile it locally yourself; (4) note the skill explicitly forbids piping discovery output to external endpoints — follow that guardrail to avoid leaking local network topology. If you don't trust building from source, obtain 'blu' from a package/distribution you already trust or skip installation.

Review Dimensions

Purpose & Capability
ok
The name/description (BluOS CLI) matches the declared requirement (the 'blu' binary), and the install spec produces that same binary. There are no unrelated required binaries, credentials, or config paths.
Instruction Scope
note
SKILL.md only instructs use of the blu CLI and includes explicit guardrails (confirm the target device before state changes, no piping discovery output to the network, limit enumeration). Minor inconsistency: the doc lists BLU_DEVICE as a possible device-selection mechanism, but the skill declares no required env vars. This is informational (not a hidden secret) and does not appear to widen scope.
Install Mechanism
note
Install runs `go install` on the package github.com/steipete/blucli/cmd/blu@latest, i.e. the module github.com/steipete/blucli from a traceable GitHub source, and builds a 'blu' binary. This is expected for a CLI, but '@latest' resolves to whatever the newest upstream tag (or commit, if untagged) is at install time, so the code you run may differ from the code you reviewed (supply-chain/version-pinning risk). Not inherently malicious, but worth pinning to a reviewed tag.
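Both the Guidance above and this Install Mechanism note recommend installing a pinned release instead of @latest and inspecting the built binary. The script below is an added example, not code from the ClawHub page or the blucli project. It reads the output of `go version -m <binary>` (the Go toolchain's dump of the build info embedded in a Go binary) and checks that the main module is github.com/steipete/blucli at a tagged vX.Y.Z release, optionally the exact tag you reviewed, with a module checksum recorded. The module path comes from the page; the tag v0.3.0, the file paths and the h1: sums are constructed placeholders, not real blucli release data.

```sh
#!/bin/sh
# Added example, not code from the ClawHub page or the blucli project.
# Verifies that a locally built 'blu' binary embeds a tagged release of the
# upstream module rather than "(devel)" or a pseudo-version, and optionally
# that it is exactly the version that was reviewed.
# Input: the output of `go version -m <binary>` on stdin.
# Pinned install (v0.3.0 is a placeholder; use a real tag from upstream):
#   go install github.com/steipete/blucli/cmd/blu@v0.3.0

EXPECTED_MOD="github.com/steipete/blucli"

# check_buildinfo [expected_version]
# Exit 0 only if the "mod" line names EXPECTED_MOD with a vX.Y.Z version
# (and, if given, exactly expected_version) and carries a module checksum.
check_buildinfo() {
    awk -v mod="$EXPECTED_MOD" -v want="${1:-}" '
        # real `go version -m` output is tab-separated; awk default FS
        # splits on tabs and spaces alike
        $1 == "mod" && $2 == mod { version = $3; sum = $4; found = 1 }
        END {
            if (!found) { print "FAIL: main module is not " mod; exit 1 }
            if (version == "(devel)") { print "FAIL: built from an unversioned checkout"; exit 1 }
            if (version !~ /^v[0-9]+\.[0-9]+\.[0-9]+$/) { print "FAIL: not a tagged release: " version; exit 1 }
            if (want != "" && version != want) { print "FAIL: embedded " version ", reviewed " want; exit 1 }
            if (sum == "") { print "FAIL: no module checksum recorded"; exit 1 }
            print "OK: " mod " " version " " sum
        }'
}

# Constructed samples of `go version -m` output (paths, tags and sums are
# placeholders, not real blucli data).

# Binary installed from a pinned tag.
SAMPLE_PINNED='/home/user/go/bin/blu: go1.22.3
    path github.com/steipete/blucli/cmd/blu
    mod  github.com/steipete/blucli v0.3.0 h1:AAAAconstructedplaceholderAAAAAAAAAAAAAAAAAA=
    build -buildmode=exe'

# What @latest can yield when upstream has no tags: a pseudo-version
# naming a commit, i.e. "whatever HEAD was at install time".
SAMPLE_PSEUDO='/home/user/go/bin/blu: go1.22.3
    path github.com/steipete/blucli/cmd/blu
    mod  github.com/steipete/blucli v0.0.0-20260101120000-0123456789ab h1:BBBBconstructedplaceholderBBBBBBBBBBBBBBBBBB=
    build -buildmode=exe'

# Binary built with `go build` inside a local checkout: no version, no sum.
SAMPLE_DEVEL='/home/user/src/blucli/blu: go1.22.3
    path github.com/steipete/blucli/cmd/blu
    mod  github.com/steipete/blucli (devel)
    build -buildmode=exe'

# Stand-alone demo on the constructed samples. Real use:
#   go version -m "$(command -v blu)" | check_buildinfo v0.3.0
for sample in "$SAMPLE_PINNED" "$SAMPLE_PSEUDO" "$SAMPLE_DEVEL"; do
    printf '%s\n' "$sample" | check_buildinfo v0.3.0 || true
done
```

The check is only as good as the tag you pass in: compare it against the commit you actually reviewed on GitHub, and keep GOSUMDB at its default so the module checksum recorded at `go install` time was verified against the public checksum database. A binary that reports "(devel)" was not built through the module proxy at all, so none of that applies to it.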
Credentials
ok
The skill requests no environment variables, credentials, or config files. No excessive or unrelated secrets are required.
Persistence & Privilege
ok
The skill is not always-enabled, is user-invocable, and does not request elevated persistence or the ability to modify other skills or system-wide settings.