Skillv1.0.0

ClawScan security

Nmap Pentest Scans Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 1:44 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose and artifacts largely match (it generates Nmap scan plans), but there are coherence gaps: undeclared runtime/dependency requirements and references to evasive/intrusive options that are not technically enforced by the code or declared metadata.
Guidance: This skill appears to be a legitimate planner for Nmap scans, but review a few things before installing or using it: - Dependencies: Confirm you have a Python runtime and that the 'autonomous-pentester/shared' module (pentest_common) referenced by the script is available from a trusted source; the skill metadata does not declare these dependencies. The script itself does not invoke nmap, but the plans it generates assume nmap is available if you later execute them. - Dry-run first: Use --dry-run to generate artifacts only, inspect recommended-commands.txt and scan-plan.md carefully before executing anything on a live network. - Guardrails vs enforcement: SKILL.md and SAFETY.md define bans and confirmation steps (e.g., source-spoofing is prohibited; dangerous NSE categories require explicit listing and confirmation). The Python script enforces scope and that --i-have-authorization is required for live runs, but it does not programmatically enforce per-NSE-script confirmation or strip dangerous/evasion flags found in the example references. Treat the guardrails as guidance unless you inspect/modify the code to enforce them. - Review references: The included references/scan-profiles.md contains evasion and spoofing examples. Even if the skill's policy forbids some flags (e.g., -S), those commands are present in documentation and could be copied into generated plans or produced by an agent that synthesizes commands. Remove or sanitize these examples if you will allow the skill to be used in environments where accidental execution is possible. - Trust origin: The skill's source/homepage is unknown and it imports a shared module from another skill namespace. Verify the origin and integrity of the code and shared modules before granting it access to sensitive environments or data. - Operational controls: Keep the skill user-invocable (do not mark always:true), require manual review/approval of generated command lists, and train operators to never run generated commands without confirming scope and written authorization. If you want higher assurance, ask the publisher (or inspect) for: a declared dependency list (Python version, required packages), the source of the autonomous-pentester shared module, and a code review that enforces the SKILL.md guardrails (especially per-NSE-script confirmation and any outright banned flags).

Review Dimensions

Purpose & Capability: concernThe skill claims to build and orchestrate Nmap scan workflows and includes a Python script that emits Nmap commands. However the registry metadata declares no required binaries or dependencies even though the runtime assumes a Python environment and references 'nmap' command templates and a shared module (autonomous-pentester/shared/pentest_common). The skill does not declare or document these runtime dependencies or the dependency on the 'autonomous-pentester' shared package, which is required for the script to run.
Instruction Scope: concernSKILL.md defines appropriate guardrails (scope validation, explicit authorization, bans on source spoofing, NSE confirmation) and instructs use of the included Python script. The script enforces scope validation and requires --i-have-authorization for non-dry-run execution, and it only writes plan artifacts (it does not execute Nmap). However the references/scan-profiles.md contains many evasive/spoofing/evasion examples and high-risk NSE usages; those examples are not programmatically prevented by the script (the script only generates planned commands). Also the code does not implement explicit per-NSE-script confirmation logic described by the guardrails, so the policy in SKILL.md is partly procedural rather than enforced in code.
Install Mechanism: okNo install spec is present (instruction-only plus a small script). That minimizes install-time risk — nothing is fetched from external URLs and no archives are extracted by the installer.
Credentials: okThe skill requests no environment variables or credentials. This is proportional for a planning-only Nmap helper. Note: running the generated Nmap commands in practice may require root privileges for raw socket options, but those privileges are not requested by the skill itself.
Persistence & Privilege: okalways is false and there are no indications the skill attempts to persist or modify other skills/configs. The skill is user-invocable and can be autonomously invoked by the agent (the platform default) — that is expected for skills of this type.