Skill v1.0.1

ClawScan security

skill-expert-skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 6, 2026, 6:50 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary
The package and its runtime instructions are internally consistent: the files and scripts match the stated purpose of creating, validating, and packaging Agent Skills and do not request unrelated credentials or hidden network endpoints.

Guidance
This package appears coherent with its stated purpose, but take standard precautions before running code:
1) Review scripts (scripts/*.py) and requirements.txt yourself to ensure they do only what you expect.
2) Run any pip install commands inside an isolated virtualenv and not as root.
3) Be aware the tool will read and write files under the skill directories you point it at (init_skill, package_skill), so avoid pointing it at system or secrets directories.
4) If you do not want an agent to run these scripts autonomously, keep model-invocation disabled for this skill in your agent settings.
5) If you plan to allow network access, note SKILL.md recommends web searches/URL fetch — consider whether that is acceptable in your environment.

Review Dimensions

Purpose & Capability
ok: The name/description promise (create/optimize/validate/package SKILL.md-based skills) aligns with the included scripts (init_skill, quick_validate, universal_validate, package_skill, analyze_trigger, diff_with_official, etc.) and the many reference docs. The skill does not request unrelated environment variables or credentials.
Instruction Scope
note: SKILL.md describes multi-phase workflows and explicitly tells the agent to use local docs, scripts, and (when available) external research tools (web search / URL fetch). The frontmatter lists allowed-tools (Read Write Bash Grep Glob), and the included scripts perform filesystem operations (create SKILL.md, read/write directories, package files). This is expected for a skill-creator tool, but be aware the instructions suggest using network-based research tools when available. The skill does not declare network access or credentials, so network use depends on the agent environment rather than the skill itself.
Install Mechanism
note: There is no install spec (instruction-only SKILL.md), which lowers automatic risk. However, the documentation/quick-navigation section instructs users to run pip install -r scripts/requirements.txt; a requirements.txt exists (content not shown here). Running that command would pull external packages. The repository itself contains many local Python scripts; the packaging code writes zip files locally. There are no downloads from arbitrary URLs in the provided scripts.
Credentials
ok: The skill declares no required env vars, no primary credential, and no config paths, which is appropriate for a tooling/authoring skill. The scripts legitimately need local filesystem access to create/validate/package skills; no sensitive or unrelated credentials are requested.
Persistence & Privilege
ok: always:false and user-invocable:true (default), so the skill does not demand forced/global inclusion. The scripts create or modify files under user-specified skill directories (init_skill, package_skill), which is expected behavior for an authoring tool. The skill does not attempt to modify other skills' configurations or claim system-wide privileges.