Skill v1.0.0
ClawScan security
Deutsche Bahn CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:27 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (search DB train connections) matches its instructions, but it instructs running local/npm code from an unspecified source and omits required runtime details, so you should verify the code before use.
- Guidance: This skill is plausible for searching DB connections, but it assumes and executes local/unverified code. Before installing or invoking it: (1) ask for the official repository or npm package name and verify the source (GitHub or an official release), (2) ensure node/npm are installed and consider running npm install in an isolated environment (container or VM), (3) inspect package.json and lockfile for suspicious dependencies (and audit db-vendo-client), (4) avoid running node index.js in ~/Code/bahn-cli unless you trust that directory, and (5) if you want to reduce risk, request the skill be packaged with an explicit install spec (trusted release URL or published npm package) and declared runtime binaries. If you are uncomfortable running unverified code, do not install or invoke this skill.
Review Dimensions
- Purpose & Capability
  - note: The SKILL.md clearly describes using a bahn-cli tool to search Deutsche Bahn connections, which matches the name and description. However, the skill metadata declares no required binaries while the instructions assume node and npm are available and assume the code lives at a hard-coded path (~/Code/bahn-cli). The homepage/source are missing, so it's unclear where bahn-cli comes from.
- Instruction Scope
  - concern: The runtime instructions tell the agent to cd into ~/Code/bahn-cli, run npm install there, and execute node index.js. That means the agent will run arbitrary local JavaScript code and may download packages from npm. The instructions do not include verification steps (no checksum, repo URL, or provenance), so executing them could run untrusted code on the host.
- Install Mechanism
  - note: There is no formal install spec in the registry; the SKILL.md expects a manual npm install inside a local path. This is a common developer workflow but relies on the local repo existing and on npm packages from the registry. Because the skill's source/homepage are not provided, the install origin is unknown.
- Credentials
  - note: The skill requests no environment variables or credentials, which is appropriate. One minor inconsistency: required runtime binaries (node, npm) are used in the instructions but not declared in the registry metadata.
- Persistence & Privilege
  - ok: The skill does not request always:true and does not declare modifying other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high privileges in this skill.
