Skill v1.0.0
ClawScan security
Merge Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 3:13 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior (a shell script that calls the GitHub CLI and jq) matches its stated purpose, but the package omits required tooling and implicit credential requirements — an incoherence that users should understand before installing.
- Guidance
- This skill appears to do what it says (gather PR data and produce a mergeability report), but it omits key operational details. Before running/installing: 1) Inspect the script yourself (it is included) to confirm you're comfortable with gh API calls. 2) Ensure you have gh and jq installed; the skill should have declared those as required. 3) Be aware the script will use your GitHub CLI authentication (your gh auth or GH_TOKEN) to read repository and PR data — run it only with an account/token that has appropriate (least-privilege) access. 4) If you want tighter safety, run the script in an isolated environment or with a read-only token; ask the publisher to update metadata to list required binaries and explicit credential guidance.
Review Dimensions
- Purpose & Capability
- concern: The skill claims to analyze GitHub PRs and includes a shell script that uses the GitHub CLI (gh) and jq to call GitHub APIs and assemble PR data. That capability is appropriate for the described purpose, but the skill metadata declares no required binaries or credentials even though the script clearly depends on gh and jq and on an authenticated gh configuration (or GH_TOKEN). The omission is a mismatch between claimed requirements and actual needs.
- Instruction Scope
- ok: SKILL.md and the included script limit runtime actions to calling the GitHub API (via gh) and local processing with jq/bash, gathering PR metadata, files, checks, reviews, comments, commits, and repository files like CODEOWNERS/CONTRIBUTING. The instructions do not request or transmit data to external endpoints beyond GitHub and do not attempt to read unrelated system files.
- Install Mechanism
- concern: This is instruction-only (no install spec), so nothing is written to disk by an installer. However, the script depends on external binaries (gh and jq) that are not declared in the registry metadata. That omission can cause surprising failures or implicit trust in the local gh installation.
- Credentials
- concern: The skill declares no required environment variables or primary credential, yet the script implicitly requires GitHub authentication via the gh CLI (which typically relies on stored credentials or GH_TOKEN). The metadata should explicitly declare this dependence and the minimal scopes needed; as-is the skill may run with the user's existing GitHub credentials without making that clear.
- Persistence & Privilege
- ok: The skill does not request always:true, does not attempt to persist or modify other skills or system settings, and only prints JSON to stdout. There is no evidence it attempts to install persistent agents or change global configuration.
