Skill v0.1.1
ClawScan security
Zeelin Report Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 7:24 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and scripts are consistent with a GitHub-based report publisher; it modifies git/SSH state and uses the GitHub CLI as part of a normal PR workflow, which is intrusive but proportionate to the stated purpose.
- Guidance: This skill appears to do what it claims, but it will make persistent, user-level changes: it can set your git global user.name/user.email, generate an SSH key at ~/.ssh/id_ed25519 (if one is absent), and upload that public key to your GitHub account via the gh CLI. Before running bootstrap/publish:
  1. verify the repo path and back up any existing ~/.ssh/id_ed25519 and your git global config if you care about them;
  2. run bootstrap only on machines you control;
  3. be prepared to complete gh auth login in your browser (the script may attempt that);
  4. review and test in a fork or disposable repo if you want to avoid accidental pushes to a shared repository;
  5. if you do not want global git config changes or SSH key uploads, run the publish script manually after performing your own authentication/configuration steps.
  If you need additional assurance, request that the full publish_report.py contents (already included) be audited for any hidden network calls. The script interacts with Git/GitHub and placehold.co (for placeholder cover images), which is expected behavior.
Review Dimensions
- Purpose & Capability (ok): The name/description (publish reports to the ZeeLin site) matches the included scripts and instructions: copying assets, editing public/reports_config.json, running npm build, creating a feature branch, pushing, and opening a PR. Required binaries (git, python3, npm, optionally gh) are appropriate for these tasks.
- Instruction Scope (note): SKILL.md and the scripts instruct the agent to configure global git identity, generate/upload an SSH key, verify push access, mutate repo files (reports_config.json and public/<category>), run npm build, commit, push, and create a PR. These actions are within the publishing scope but are intrusive (global git config changes, SSH key creation/upload, remote push dry-run and real push). The instructions do not read unrelated system files or request unrelated credentials.
- Install Mechanism (ok): There is no install spec; the skill is instruction-plus-scripts only. That reduces supply-chain risk. The provided scripts are plain bash/Python and do not download arbitrary archives or execute code fetched from unknown servers.
- Credentials (note): No environment variables or external credentials are declared or required. However, the bootstrap script will create an SSH key at ~/.ssh/id_ed25519 (if missing) and, when the GitHub CLI (gh) is available and authenticated, will upload that public key to the user's GitHub account. That is a sensitive operation but is reasonably explained by the need to ensure SSH-based repo push access.
- Persistence & Privilege (note): The skill does not request always:true and does not autonomously persist itself into other skills. It does modify user-level state: git global config (user.name/user.email) and the user's ~/.ssh keys (possibly creating and uploading a key). Those are user-wide changes that persist beyond a single run and thus warrant explicit user consent before running bootstrap.
