Skill v0.1.5
ClawScan security
Social Alignment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 19, 2026, 12:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to be an instruction-only ethical compass, but the manifest instructs installing a remote package (pip and an ambiguous 'uv' installer); that mismatch and the lack of source code in the bundle make it unclear what will run after installation.
- Guidance: This skill claims to be an instruction-only ethical module, but its manifest requires installing a remote package (pip and an unclear 'uv' installer). Because the bundle contains no code to review, installing would fetch and run code you can't audit. Recommendations before installing:
  - Verify the package 'social-alignment' on PyPI and inspect its source repository (the listed GitHub URL) for recent commits, maintainers, and readable code.
  - Ask the maintainer to explain the 'uv' installer and why both pip and uv are listed.
  - If you must test it, install in an isolated environment (fresh virtualenv or disposable VM/container) with no access to sensitive files or credentials.
  - Inspect the installed package contents for network calls, telemetry, or code that executes at install time (setup.py/pyproject build hooks) before running it.
  - Prefer requesting a version that attaches no network behavior, or providing an audited local wheel, if you need to run in a high-risk environment.
  Given the inability to audit the package from this bundle, proceed cautiously and validate provenance and source code before granting it to any agent that has access to secrets or production resources.
Review Dimensions
- Purpose & Capability
  - note: The skill's stated purpose (an alignment/ethical compass) is coherent with the instructions in SKILL.md (checks, persistence, escalation). However, the SKILL.md also claims 'zero required dependencies' and 'no network', while the install section and registry metadata explicitly list pip install and an 'uv' installer for package social-alignment — a contradiction that needs clarification.
- Instruction Scope
  - ok: Runtime instructions describe alignment checks, creating an AlignmentEnclave, and optional persistence to a user-specified file (e.g., ~/.agent/alignment.json). These actions are consistent with the stated purpose and do not request unrelated system data or unrelated credentials. The only scope issue is the textual claim of 'no network' vs. the install-time network activity implied by pip/uv.
- Install Mechanism
  - concern: The manifest instructs installing a package named social-alignment via pip and also via an unknown 'uv' installer. There are no code files in the skill bundle to inspect locally, so installing will fetch remote code. 'pip' installs from PyPI (or other indexes) and can execute arbitrary code at install or runtime; the additional 'uv' installer is non-standard/ambiguous. Multiple install kinds for the same package increase uncertainty about provenance and risk.
- Credentials
  - ok: The skill does not request environment variables, secrets, or config paths beyond an optional local storage path for persistence. That is proportionate to an alignment component. The only environment-related requirement is that the system has the pip binary available to perform the install.
- Persistence & Privilege
  - ok: The skill does not request 'always: true', does not claim to modify other skills or global agent settings, and is user-invocable. It stores optional state in a user-specified local file (normal for this kind of component).
