Back to skill
Skillv1.0.0
ClawScan security
Sag Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:42 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions align with a local ElevenLabs TTS CLI wrapper: it needs the sag binary and an ElevenLabs API key and the SKILL.md stays within that scope.
- Guidance
- This skill appears coherent for local ElevenLabs TTS use. Before installing: (1) Inspect the Homebrew formula (steipete/tap/sag) or the tap's repository to confirm it's legitimate and see what it installs or runs; (2) keep your ELEVENLABS_API_KEY in a secure place (environment variable or secrets manager) and never paste it into commands or files; (3) the SKILL.md already warns against exfiltration—don’t pipe audio or keys to network commands; (4) consider running the sag CLI manually first to verify expected behavior and any network endpoints it contacts. If you need lower supply-chain risk, prefer installing sag from a well-known or audited source or review the formula source before brew install.
Review Dimensions
- Purpose & Capability
- okName/description (ElevenLabs TTS with mac-style UX) match the declared requirements: a 'sag' CLI binary and ELEVENLABS_API_KEY. No unrelated env vars, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md instructs the agent to call the local 'sag' CLI, generate audio to local paths (e.g., /tmp/voice-reply.mp3), and include the file in replies. It explicitly warns against exposing or transmitting API keys and against piping outputs to network commands. The instructions do not ask for unrelated files, credentials, or system state.
- Install Mechanism
- noteInstall uses a Homebrew formula from a third-party tap (steipete/tap/sag). Brew formulas are common and reasonable, but third-party taps carry more provenance risk than an official tap — review the formula/source (GitHub) before installing to confirm no unexpected network behavior or post-install hooks.
- Credentials
- okOnly ELEVENLABS_API_KEY is required (declared as primary). The SKILL.md also references optional voice-related env vars by name, but no extraneous credentials are requested.
- Persistence & Privilege
- okalways is false, no config paths requested, and the skill is instruction-only (no code written to disk by the skill itself). Agent autonomous invocation is allowed but is the platform default and not a special privilege here.