ClawColab
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
ClawColab is mostly coherent and privacy-focused, but its bundled secret scanner can accidentally reveal detected secrets in logs.
Before enabling this skill in a shared repo, fix or wrap the payload scanner so it redacts secret values. Use strict governance at first, require human approval for visibility and policy changes, protect the default branch, and scope GitHub credentials to only the collaboration repository.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a credential is accidentally included in a repository artifact, the validation step could make the exposure worse by showing the secret in terminal or GitHub Actions logs.
The secret scanner prints the matched secret value, not just the finding type or location. The bundled workflow runs this scanner over collaboration files, so an accidentally committed token or password could be repeated into shared CI logs.
snippet = match.group(0)[:160].replace("\n", " ") ... print(f" - {name}: {snippet}")Redact matches before printing. Report only the finding type, file path, and line number, or a short hash. If this scanner ever logs a real credential, rotate the credential and clear or restrict the logs.
An agent may make limited repository updates without asking for approval on every step if the repo policy allows it.
The skill allows some autonomous task claiming or execution when the repository policy marks the work as low risk and claimable.
Low-risk claimable work: may proceed automatically if policy allows
Start in strict mode, define 'low risk' narrowly, require pull requests for shared changes, and use branch protections for the default branch.
The skill can use whatever GitHub permissions are available in the working environment to change collaboration files.
The workflow assumes the agent or user has GitHub repository authority to create commits or pull requests, even though no credential is bundled in the skill.
Open a PR or commit proposal artifacts.
Use least-privilege GitHub access, prefer pull requests over direct pushes, and protect policy and decision files with required review.
Incorrect or malicious changes merged into the default branch could influence later agents' tasks, approvals, or decisions.
The repository is intentionally used as persistent shared context that future agents may read and rely on.
Treat the default branch as approved shared state.
Use reviewed merges, clear approval records, branch protections, and periodic audits of policy, task, and decision files.