Skill v1.0.0

ClawScan security

Model Deploy Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 12:54 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with its stated purpose (deploying models via ModelScope and vLLM); it requires SSH access to target servers and will install/run software on the target, so use with normal operational caution.
Guidance
This skill appears to do what it says, but take these precautions before using it:
- Ensure the agent host has deliberate SSH key-based access to target servers; do not provide private keys to unknown code. The script expects passwordless SSH.
- Review and control the target server environment: the script will pip install packages, download large model files (disk/bandwidth usage), and start a service listening on 0.0.0.0 — ensure firewalling and authentication as needed.
- Confirm whether ModelScope models you will download are public or require credentials; this skill does not declare ModelScope credentials.
- Validate the Miniconda location and conda availability on the target; the script expects $HOME/miniconda3 by default and will exit if not found.
- Be cautious with PROXY env var values (they can redirect network traffic); set them only to trusted proxies.
- Test on a non-production host first to verify behavior, port selection, GPU/memory usage, and to avoid accidental exposure of the model service.

Review Dimensions

Purpose & Capability
ok: The name/description (deploy LLMs with ModelScope and vLLM) aligns with the included script and SKILL.md. The script calls modelscope and vllm as advertised; no unrelated credentials or external services are requested.
Instruction Scope
note: Instructions are scoped to copying the provided deploy.sh to a target GPU server and running it over SSH. This is coherent, but it requires passwordless SSH access from the agent host and instructs the target server to pip-install packages, download large model files, and start a network service bound to 0.0.0.0 (exposes the model service). The SKILL.md also assumes Miniconda exists in a specific path ($HOME/miniconda3), which may not hold on all systems.
Install Mechanism
ok: There is no install spec for the skill itself (instruction-only). The included script runs pip install on the target host (vllm, modelscope) and uses the modelscope CLI to download models — this is expected and uses standard package tooling rather than arbitrary remote archives.
Credentials
note: The skill does not request credentials or environment variables from the registry. However, it implicitly requires SSH key-based access to target servers and may rely on network proxy variables (PROXY) provided at runtime. If private ModelScope models are needed, additional credentials (not declared) might be required. The script's use of proxy env vars means an attacker with control of those values could redirect downloads.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent platform privileges or modify other skills. It performs actions on remote hosts (installing software and starting services) but only when invoked; this is expected for a deployment tool.