Skill v1.0.2

ClawScan security

Env Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 8:13 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is a self-contained, local secret-scanner whose code, instructions, and requirements are consistent with its stated purpose; it does not request credentials or make external network calls.
Guidance
This package appears to be a straightforward local secret scanner. Before installing: (1) inspect src/env-guard.js (you already have it) and run it on a non-sensitive test directory to confirm behavior; (2) note the CLI mismatch — call it as `node src/env-guard.js <path>` (not necessarily with a 'scan' subcommand) or update the code if you want a subcommand; (3) run it in a sandbox/CI job with least privilege and avoid scanning production secrets live; (4) because it only reads files and prints/redacts matches, it does not exfiltrate data by default, but review any changes you make (e.g., adding telemetry or custom integrations) before running on sensitive repositories; and (5) if you rely on the author/contact links, verify their provenance since the package source is marked 'unknown.'

Review Dimensions

Purpose & Capability: ok
The name/description (secret scanning) match the included JS implementation: patterns for API keys, tokens, private keys, connection strings, and webhook URLs are present and used to scan files. Features claimed (custom patterns, allowlisting, CI exit codes) are implemented by the EnvGuard class and CLI behavior.
Instruction Scope: note
SKILL.md and README describe running the scanner locally and CI integration, which matches the code; however, there is a minor mismatch in CLI usage: docs show `node src/env-guard.js scan ./my-project` but the script treats the first CLI argument as the target path (process.argv[2]), so passing a literal 'scan' will cause the tool to scan a directory named 'scan' rather than './my-project'. The SKILL.md does not ask the agent to read unrelated files, env vars, or transmit data, and the code also does not perform external network I/O.
Install Mechanism: ok
No install spec (instruction-only with a packaged JS file). There is no runtime download or external installer; the code is local and uses only Node built-ins (fs, path). This is low risk for installation.
Credentials: ok
The skill requests no environment variables, credentials, or config paths. The patterns intentionally target secret formats; no unexpected or unrelated credentials are requested. Allowlist and pattern APIs are local to the tool.
Persistence & Privilege: ok
The skill is not always-enabled, has no special persistent privileges, and does not modify other skills or system-wide settings. It runs locally and does not store configuration beyond in-memory allowlist/pattern arrays (no files written by default).