Back to skill
Skillv1.0.0
ClawScan security
Port Process · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 2:12 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, instructions, and behavior are coherent with its stated purpose (finding and killing processes by port) and request no unrelated permissions or credentials.
- Guidance
- This skill appears to do exactly what it says: find/list ports and optionally kill the owning processes. Before using: (1) run with --dry-run or --json to inspect targets, (2) prefer --safe to send SIGTERM before SIGKILL, (3) avoid running kill commands as root unless you intend to, and (4) if you allow autonomous agent invocation, be aware an agent could execute the destructive kill operations — consider requiring explicit user confirmation before any termination.
Review Dimensions
- Purpose & Capability
- okName/description match the provided scripts and SKILL.md. The scripts and example shell commands use lsof/ss/netstat/ps and OS signals to locate and terminate processes — exactly what a port-process management tool should do. No unrelated services, credentials, or external endpoints are required.
- Instruction Scope
- noteSKILL.md and bundled scripts limit actions to locating/listing ports and sending signals to PIDs. The kill script prompts for confirmation and offers --dry-run/--safe modes. Note: the skill performs destructive actions (kill signals); exercise care and use --dry-run/--safe before terminating processes. The scripts use subprocess.run(shell=True) but validate/parse ports as integers via argparse, limiting injection risk.
- Install Mechanism
- okNo install spec or external downloads — the skill is instruction-only with included Python scripts. Nothing is fetched from remote URLs or written by an installer.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. It may require elevated privileges (sudo) to see or kill other users' processes, which is expected and documented in SKILL.md.
- Persistence & Privilege
- okalways is false, there is no request for persistent/global agent changes, and the skill does not modify other skills or system-wide agent settings.