Skill v0.1.0
ClawScan security
Ambit Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 12:45 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The SKILL.md describes a plausible Ambit CLI helper and the runtime steps mostly match that purpose, but the registry metadata omits required credentials and the instructions encourage running remote npm code (npx), which are notable inconsistencies and risks you should review before installing.
- Guidance
- This skill appears to implement an Ambit CLI workflow, but before using it: (1) be cautious about running remote packages with `npx @cardelli/ambit`—inspect the npm package source or prefer a vetted local binary; (2) expect to provide Fly.io authentication and a Tailscale API token—these are sensitive credentials that grant the ability to change routes/ACLs; (3) review any commands that require sudo (e.g., enabling accept-routes) and changes to Tailscale ACL tags because they alter network routing; (4) ask the publisher to update registry metadata to list required env vars and any install steps; and (5) consider testing in an isolated account or environment first. If you need help auditing the npm package or the GitHub templates before running them, get that code reviewed or run the tool in a disposable VM.
Review Dimensions
- Purpose & Capability
- ok: The name and description match the instructions: the skill manages Ambit/Fly.io routers and Tailscale private networks, deploys apps, and configures DNS/routes. Requested actions (Fly.io auth, Tailscale token, modifying ACL tags, enabling accept-routes) are coherent with that purpose.
- Instruction Scope
- note: The SKILL.md stays on-topic: it describes creating routers, setting Fly.io secrets, configuring split DNS, and using Tailscale API tokens. It legitimately asks the user to modify Tailscale ACL tags and enable accept-routes (which have network-level consequences) and to store TAILSCALE_API_TOKEN as a Fly secret. It does not appear to instruct reading unrelated host files or exfiltrating data, but it does require handling sensitive tokens and running privileged tailscale commands.
- Install Mechanism
- concern: There is no formal install spec in the registry, but the doc tells users to run `npx @cardelli/ambit` to execute a remote npm package. Running code directly from npm via npx is higher-risk because it executes code fetched at runtime from a package author and may write/execute arbitrary code locally. The SKILL.md also fetches templates from GitHub (expected) and uses flyctl/tailscale executables (expected).
- Credentials
- concern: The manifest declares no required environment variables, but the instructions explicitly require Fly.io authentication and a Tailscale API access token (and show setting TAILSCALE_API_TOKEN as a Fly secret). This mismatch (metadata omitting required secrets) reduces transparency. The credentials requested by the instructions are logically needed for the described operations, but they are sensitive (Tailscale API tokens can modify routes/ACLs) and should be declared in metadata and handled carefully.
- Persistence & Privilege
- ok: The skill is instruction-only (no install spec writing to disk) and does not request always:true. The agent can invoke the skill autonomously (default) but that is normal for skills. The runtime instructions do request changes to user Fly/Tailscale configuration (secrets, tags, accept-routes) which have lasting network effects, but the skill itself does not request elevated platform privileges or long-term installation.
