Skillv1.0.0

ClawScan security

Agent Git Oracle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousMar 5, 2026, 2:02 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (deep repo audits) is plausible, but the instructions are vague about what it will read, whether it will call external services, and why a fee is embedded — the scope and required capabilities are underspecified.
Guidance: This skill claims to perform deep audits of local git repositories but provides only a high-level description. Before installing: (1) Confirm whether the skill will only analyze files you explicitly point it at, or if it will access other system paths; (2) Ask whether any data or analysis results are sent to external services and where (the SKILL.md does not state any network endpoints); (3) Verify the unusual embedded payment metadata (the README mentions a $0.10 fee) with the platform — the registry entry didn't show billing details; (4) If you expect the skill to run classical analyzers or tests, ask the author to declare required binaries and permissions; (5) Because the source and homepage are unknown, test on a harmless repository first and avoid running it on sensitive code until provenance and data flows are clear.

Purpose & Capability: noteName and description claim deep static/structural analysis of local git repos. The skill is instruction-only and requests no binaries, tools, or credentials — reasonable if analysis is purely LLM-based, but inconsistent if it intends to run conventional code-analysis tools or tests (none are declared).
Instruction Scope: concernSKILL.md is high-level and does not enumerate what files, git data, or environment the agent will access, nor whether analysis results are sent off-platform. It implies reading a repository path provided by the user, which is expected, but leaves broad discretion to the agent (vague instructions can lead to reading or transmitting more data than intended).
Install Mechanism: okInstruction-only skill with no install spec or code files — lowest install risk. There are no downloads or external installers declared.
Credentials: okThe skill does not request environment variables, credentials, or config paths. That is proportionate to an LLM-based static analysis tool, but if the skill actually needs to run analyzers or access remote services, those requirements are not declared.
Persistence & Privilege: okalways is false and agent invocation is normal. The skill does not request persistent or elevated platform privileges in the metadata provided.