Clawhub Publish Security Advisory
Audited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong folder, it may inspect private files outside the intended skill project.
The user supplies the directory path, and the scanner recursively reads supported files under it. This is aligned with pre-publish scanning, but the scope depends entirely on the path the user or agent provides.
    skill_path = Path(sys.argv[1]) ... for filepath in self.skill_path.rglob("*"):
Run it only against the intended skill directory and avoid broad paths such as a home directory or entire workspace.
A real token or password found by the scanner could be exposed to anyone who can see the scan output.
Detected sensitive values are printed in full to stdout rather than masked. That helps users fix issues, but it can place secrets into terminal output, CI logs, or an agent transcript.
    print(f" - {issue['file']}:{issue['line']}: \"{issue['match']}\"")
Treat scan output as sensitive, avoid public/shared logs, and consider masking detected values if using this in CI.
A user or reviewer might over-trust the author's self-assessment instead of evaluating the code and behavior.
The package includes a self-authored vetting request and safety claims. It asks for manual review, so this is not deceptive by itself, but it should not be treated as independent approval.
**Action requested:** Change status from "Suspicious" to "Safe" after manual review.
Use the included vetting report as context only; rely on the actual source code and your own review.
