Skill v1.0.0
ClawScan security
Signal Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:42 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are coherent with its stated purpose (bridging a Claude session to IM platforms) but it handles user credentials and writes config files locally, so follow the recommended safeguards before installing.
- Guidance: This skill appears to do what it claims: guide setup and manage a bridge by collecting platform tokens and writing a local config at ~/.claude-to-im/config.env. Before installing or using it:
  1. Inspect SKILL_DIR/references/setup-guides.md and config.env.example so you know exactly which tokens/IDs will be stored.
  2. Ensure the skill (or your agent) will set restrictive permissions on the config file (chmod 600) and avoid storing secrets in additional files.
  3. Confirm what exact commands it will run to start/stop the daemon (so you can audit them).
  4. Never paste your tokens into unknown external endpoints; validate tokens only against official platform APIs or via local validation routines.
  5. If you do not trust the author or environment, run the setup in an isolated machine or container.

  If you want, ask the skill author to add explicit secure-write steps (atomic write + chmod 600) and a signed start/stop script so you can audit actions before they run.
Review Dimensions
- Purpose & Capability (ok): Name/description (bridge Claude to Telegram/Discord/Feishu/QQ) match the SKILL.md: it manages setup, start/stop/status/logs/reconfigure/doctor and reads/writes ~/.claude-to-im configuration. No unrelated credentials, binaries, or behavior are requested.
- Instruction Scope (note): SKILL.md explicitly instructs the agent to read setup guides, collect per-platform tokens interactively, check for and create ~/.claude-to-im/config.env, and manage a daemon. These actions are in-scope. However the instructions rely on Write/Edit tools to store secrets but do not explicitly require or describe secure file permissions (chmod 600) or present an explicit, non-ambiguous sequence of commands used to start/stop the daemon. Recommend adding explicit safe-write and permission steps and a clear, auditable start/stop command list.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files (lowest install risk). Nothing is downloaded or executed from external URLs by the skill itself.
- Credentials (note): The skill does not declare required env vars, but it will collect platform tokens/IDs interactively and persist them to ~/.claude-to-im/config.env which is proportional to the bridge purpose. This is expected, but storing secrets locally increases risk if not handled securely; SKILL.md should mandate file permissions and caution against sending tokens to non-official endpoints.
- Persistence & Privilege (ok): always:false (no forced global inclusion). Skill manages a background daemon for bridging, which justifies persistence in this context. It does not request modification of other skills or system-wide agent settings.
