Skill v1.0.0

ClawScan security

Bluebubbles Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:40 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill’s requirements and runtime instructions align with its stated purpose (building/updating a BlueBubbles channel plugin); it is instruction-only, requests no credentials or installs, and includes explicit guardrails for common risks.
Guidance
This skill looks coherent and focused on building the BlueBubbles plugin, but exercise normal caution: 1) The package source and homepage are unknown — before installing or granting the agent file/system access, review the actual repository or implementation code (not just SKILL.md/SAFETY.md). 2) Ensure the runtime implements the documented guardrails (path traversal checks, SSRF-safe URL builder, explicit user consent for cross-chat forwarding, and no credential logging). 3) Keep BlueBubbles credentials in a secure config store and verify agent logging/config access is limited; SKILL.md references config.get(...) but does not require env vars — verify how your runtime provides those values. 4) Because this is instruction-only, the agent could still be asked to edit code; require human review of changes before deployment. If you need higher assurance, request the actual source or a signed/hosted package before use.

Review Dimensions

Purpose & Capability
ok · The name/description (BlueBubbles channel plugin) matches the SKILL.md content: file layout, helpers, webhook handling, and config keys are all directly related to that goal. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
ok · Instructions stay on-topic: they describe expected file locations, helper functions to use, webhook behavior, and core config keys. SKILL.md explicitly warns about not logging credentials, path traversal, SSRF, and cross-chat relays. No steps ask the agent to read irrelevant system files or exfiltrate data.
Install Mechanism
ok · No install spec and no code files (instruction-only), which minimizes disk writes and arbitrary code execution. This is proportionate for a documentation/IDE-assistant style skill.
Credentials
ok · The skill declares no required env vars or primary credential. It references config keys (channels.bluebubbles.*), which are appropriate for a channel plugin, and SKILL.md warns against exposing them in logs or payloads.
Persistence & Privilege
ok · The 'always' flag is false and autonomous invocation is the platform default; there is no indication the skill requests elevated or persistent privileges or tries to modify other skills or system-wide configs.