Clawhub Publish Security
ReviewAudited by ClawScan on May 7, 2026.
Overview
This is a coherent local pre-publish scanner, but it can read the folder you point it at and print any detected secrets into terminal, CI, or agent logs.
This skill appears reasonable to use as a local pre-publish helper. Run it only on the skill folder you intend to publish, keep any failed-scan output private, and do not treat a clean pass or the self-authored vetting report as complete security assurance.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong folder, it may inspect private files outside the intended skill project.
The user supplies the directory path, and the scanner recursively reads supported files under it. This is aligned with pre-publish scanning, but the scope depends entirely on the path the user or agent provides.
skill_path = Path(sys.argv[1]) ... for filepath in self.skill_path.rglob("*"):Run it only against the intended skill directory and avoid broad paths such as a home directory or entire workspace.
A real token or password found by the scanner could be exposed to anyone who can see the scan output.
Detected sensitive values are printed in full to stdout rather than masked. That helps users fix issues, but it can place secrets into terminal output, CI logs, or an agent transcript.
print(f" - {issue['file']}:{issue['line']}: \"{issue['match']}\"")Treat scan output as sensitive, avoid public/shared logs, and consider masking detected values if using this in CI.
A user or reviewer might over-trust the author's self-assessment instead of evaluating the code and behavior.
The package includes a self-authored vetting request and safety claims. It asks for manual review, so this is not deceptive by itself, but it should not be treated as independent approval.
**Action requested:** Change status from "Suspicious" to "Safe" after manual review.
Use the included vetting report as context only; rely on the actual source code and your own review.