Back to skill
Skillv1.0.0
ClawScan security
Clawdhub Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:40 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it wraps the ClawdHub CLI, asks for the expected binary/npm install, and its runtime instructions and safety guardrails align with the described purpose.
- Guidance
- This skill is coherent: it just teaches the agent to use the ClawdHub CLI and includes helpful safety guardrails. Before installing or using it: (1) verify you trust the npm 'clawdhub' package or inspect its source (npm packages may run install-time scripts), (2) avoid using --force or --no-input without confirming each flag and reviewing what will change, (3) do not export CLAWDHUB tokens into shell environment variables—use the CLI's credential store, and (4) confirm the registry URL (default is https://clawdhub.com) before installing/publishing to avoid fetching from an unexpected registry. If you want extra isolation, install the CLI in a container or dedicated environment first.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description say it uses the ClawdHub CLI to search/install/update/publish skills; the manifest requires the 'clawdhub' binary and provides an npm install spec for the 'clawdhub' package. These requirements are proportionate and expected for this purpose.
- Instruction Scope
- okSKILL.md contains only standard CLI usage (npm i -g clawdhub, clawdhub login/search/install/update/publish/list). It does not instruct reading unrelated system files or exfiltrating data. The included SAFETY.md adds explicit guardrails (confirm before operations, disallow --force/--no-input without per-flag consent, prohibit piping output to network) which constrain risky behavior.
- Install Mechanism
- noteInstall uses npm to install the 'clawdhub' CLI (global install). This is an expected distribution mechanism for a CLI but carries the usual npm risks (postinstall scripts can run code). This is not incoherent with the skill's purpose, but users should treat third-party npm installs as code installation and review the package source or install in an isolated environment if concerned.
- Credentials
- okThe skill declares no required environment variables or credentials. SKILL.md notes optional overrides (CLAWDHUB_REGISTRY, --workdir) and SAFETY.md explicitly warns against exporting CLAWDHUB tokens. The environment access requested is minimal and proportional to the stated functionality.
- Persistence & Privilege
- okalways is false and the skill is instruction-only (no bundled code). It installs a CLI when requested but does not request elevated, always-on presence or modify other skills. Autonomous invocation is allowed (platform default) but does not combine with other concerning privileges here.