Skill Security Scanner

Security checks across malware telemetry and agentic risk

Overview

The scanner’s purpose is coherent, but a bundled CLI wrapper can turn crafted scan arguments into shell commands, and the package ships with an unexplained pre-trusted whitelist entry.

Use caution before installing. If you use it, patch or avoid the root index.js wrapper, run scans only on known-safe URLs or paths, review or clear whitelist.txt, and treat its reports as heuristic rather than a definitive security verdict.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

A crafted scan target could make the agent run commands on the user’s machine.

Why it was flagged

The wrapper places raw CLI arguments into a shell command. Since scan targets are user-provided URLs, names, or paths, shell metacharacters could execute unintended local commands if this entrypoint is used.

Skill content
const args = process.argv.slice(2).join(' ');
const result = execSync(`"${scriptDir}/scripts/scan.sh" ${args}`, {
Recommendation

Replace execSync shell-string usage with execFileSync or spawn using an argument array, disable shell parsing, and validate scan targets.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

The scanner may treat a named skill as trusted without the user having added it.

Why it was flagged

The package includes a pre-populated whitelist with an unrelated skill name. For a security scanner, unexplained pre-trust can suppress or alter risk reporting if the whitelist is honored.

Skill content
skill-security-scanner
minebean
Recommendation

Ship with an empty whitelist or only self-exclusions that are clearly documented, and require explicit user approval before trusting any third-party skill.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users have less ability to verify the scanner’s origin, updates, or rule quality.

Why it was flagged

The registry provides no source repository or homepage, which limits independent verification of a tool that is intended to judge other skills’ security.

Skill content
Source: unknown
Homepage: none
Recommendation

Prefer a verifiable source repository, review the bundled scripts before use, and pin or audit future updates.