Skill v1.0.2
ClawScan security
Disk Watch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 6:44 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are coherent with a disk-monitoring purpose — it reads local disks, runs df/wmic, and stores a small local history; nothing requested appears disproportionate or unrelated.
- Guidance: This skill appears to do what it says: run local disk-usage commands, scan directories up to a shallow depth, and store a small JSON history in the system temp folder. Before installing, consider: run it with a non-privileged account (it will read filesystem metadata and execute df/wmic), review or test the code in a safe environment, and be cautious about calling findHogs on sensitive system paths (it will traverse directories you pass it). Also note there is no upstream homepage or verified publisher information — if provenance matters, verify the author or run inside a container/isolated VM.
Review Dimensions
- Purpose & Capability: ok. Name/description match the included code: DiskWatch inspects mounted drives, runs platform-specific disk commands (df/wmic), scans directories for largest consumers, and stores a local history. There are no unrelated credentials, network calls, or external services requested.
- Instruction Scope: ok. SKILL.md describes local disk monitoring and the code follows that scope. The runtime instructions and API examples do not request unrelated files or credentials. The implementation reads directories, executes df/wmic, and writes a local history file — all consistent with the stated features.
- Install Mechanism: ok. No install spec or external downloads are present. The skill is instruction-only in the registry (though it includes source files); nothing is fetched or extracted from remote URLs during install.
- Credentials: ok. The skill declares no required environment variables or credentials and the code does not read env vars. It only uses local filesystem and OS commands, which are proportionate to disk-monitoring functionality.
- Persistence & Privilege: ok. The skill is not forced-always, does not modify other skills, and only writes a local history file under the system temp directory. That limited local persistence is appropriate for trend tracking.
