Skillv1.0.0

ClawScan security

Clawhub Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 1:41 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: This is an instruction-only wrapper for the ClawHub CLI and its declared requirements match its purpose, but review global npm installs, credential handling, and registry/workdir overrides before use.
Guidance: This skill is coherent for managing ClawHub registry packages, but take these precautions before installing or granting it authority: - Verify the npm package source and publisher for 'clawhub' (ensure it's the official CLI you expect). - Global npm install (npm i -g) can run package install scripts and may require elevated privileges — only proceed if you trust the package and understand the install scope. - The CLI will prompt for 'clawhub login' and create/use credentials; treat those credentials like any API token (store securely, and do not share). The skill metadata does not declare such credentials explicitly. - Be cautious with updates that use --force and --no-input: they can silently replace many installed skills. Prefer targeted updates or interactive confirmation and review changes first. - The SKILL.md mentions environment overrides (CLAWHUB_REGISTRY, CLAWHUB_WORKDIR). Check and control those environment variables so the CLI fetches code from a registry and writes files to locations you trust. - Never pipe CLI output to public network endpoints — the included SAFETY.md guardrails already highlight this. If you need to share outputs, copy them manually and choose an authenticated/private channel. If you want a stricter posture, require explicit user confirmation for global installs and for any --all or --force updates, or run the CLI in an isolated environment (container or sandbox) so installs and updates cannot unexpectedly modify your primary workspace.

Review Dimensions

Purpose & Capability: okName/description, required binary ('clawhub'), and the npm install spec for the 'clawhub' package are consistent with a CLI wrapper that searches, installs, updates, and publishes skills from a registry.
Instruction Scope: noteSKILL.md contains straightforward CLI commands (search, install, update, publish, login). It sensibly warns about dangerous flags and exfiltration. It does reference environment variables (CLAWHUB_REGISTRY, CLAWHUB_WORKDIR) and behavior (update replaces local skill files) that expand runtime scope — these env-vars are mentioned but not declared in the skill metadata, so callers should be aware the agent may rely on them if present.
Install Mechanism: okInstall uses the npm package 'clawhub' (npm i -g clawhub). This is a standard registry install; it is expected and traceable. Note that global npm installs can run package install scripts and require elevated permissions on some systems.
Credentials: noteThe skill does not request credentials or env vars in metadata, yet the SKILL.md references CLAWHUB_REGISTRY and CLAWHUB_WORKDIR and instructs 'clawhub login' (which will create or use credentials). The omission isn't necessarily malicious, but users should be aware credentials will be created/used by the CLI and env overrides can change where code is fetched or written.
Persistence & Privilege: okalways: false and normal agent-invocation settings. The skill can install/update/publish other skills (expected for a package manager client) but it does not request permanent always-on privileges or attempt to modify other skills' configs beyond normal CLI operations.