Back to skill
Skillv1.0.0
ClawScan security
DOSBox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 7:17 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and runtime instructions are consistent with its stated purpose (detecting DOSBox binaries, generating launch commands and .conf files, and troubleshooting); it does not request secrets, network access, or unusual system privileges.
- Guidance
- This skill appears to do exactly what it says: detect DOSBox installations, generate launch commands, and write starter .conf files. Before using it, inspect any generated .conf and the launch command it suggests; verify you have DOSBox or DOSBox‑X from a trusted source. Be cautious about running executables from unknown game folders (they can be malicious)—the skill helps launch local programs but does not protect you from running unsafe binaries. Finally, note the skill's owner is unknown; if you plan to rely on it long-term, consider reviewing the included scripts yourself or using a version from a known, trusted source.
Review Dimensions
- Purpose & Capability
- okName/description (DOSBox launcher/configurator/troubleshooter) match the provided scripts and SKILL.md. The two included Python scripts detect installed DOSBox/DOSBox‑X binaries, print example launch commands, and generate .conf files — all directly relevant.
- Instruction Scope
- okSKILL.md instructs the agent to inspect folders, detect emulator executables, build launch commands, and write .conf files. The instructions reference only local paths, mount/launch commands, and the provided helper scripts. They do not attempt to read unrelated system credentials, network endpoints, or other agents' config.
- Install Mechanism
- okNo install spec — instruction-only plus small included scripts. No downloads or external install URLs. The scripts are simple, local, and self-contained; they don't extract or execute remote code.
- Credentials
- okThe skill requests no environment variables, no credentials, and no special config paths. The scripts legitimately probe PATH and common Windows program locations to find DOSBox binaries; this filesystem access is proportionate to the stated function.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system changes beyond writing a user-specified .conf file. It does not modify other skills or global agent settings. The agent can invoke it autonomously (platform default), which is appropriate for this utility.