Skill v1.0.2

ClawScan security

Client Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 6:42 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: a simple local-file CRM implemented in Node.js that does not request credentials or perform network exfiltration in its code or instructions.
Guidance
This skill appears to do what it claims: a small Node.js-based CRM that stores data locally in ./clients/clients.json and does not request secrets or make network calls. Before installing or using it:
1) Review the src/client-tracker.js file yourself (or run it in a sandbox) to confirm behavior.
2) Be aware that client data will be stored in plaintext locally; keep backups and consider encrypting sensitive fields if needed.
3) The skill may expose client data to your agent/conversation history; avoid entering highly sensitive secrets into chat.
4) If you plan to run the JS code, ensure the runtime environment has Node.js, and run it in an isolated environment if you have security concerns.
5) If you need cloud sync or integrations, implement those explicitly and vet any credentials you provide.
Overall this skill is coherent and low-risk, but treat stored client data with normal privacy precautions.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation. The included src/client-tracker.js implements contacts, projects, invoices, pipeline, search and revenue summary, all coherent with a freelancer CRM. Minor note: the package includes a Node.js source file but the registry metadata declares no required runtime/binaries; this is not a security problem but could affect how/where the skill runs (it requires a Node runtime if the code is to be executed).
Instruction Scope
ok: SKILL.md instructs conversational use and explicitly states data is stored locally and not transmitted unless explicitly configured. The instructions do not ask the agent to read unrelated files, system credentials, or external config paths, nor do they instruct sending data to third-party endpoints.
Install Mechanism
note: There is no install spec (lowest risk) and no downloads. The only code is a small local Node.js module. Because there is no install step, nothing is automatically written to disk by an installer; risk is limited to running the JS file if the agent executes it. This is proportionate to the skill's purpose.
Credentials
ok: The skill requires no environment variables, no credentials, and no config paths. The code operates on a local directory (default './clients') and reads/writes clients.json; this aligns with expected behavior for a local CRM and is proportionate.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated or persistent platform privileges. It only persists its own data in a local folder (./clients). It does not modify other skills or system-wide settings.