Skill v1.1.0

ClawScan security

Skill Publish Vetter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 27, 2026, 2:00 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (a pre-publish privacy scanner), it has no installs or external network calls, and it does not request unrelated credentials or system privileges.
Guidance
This tool appears to do exactly what it says: it scans a target skill directory for tokens, passwords, private keys, .env values, personal emails/paths, and internal IPs.

Before running or using this skill:
1) Confirm the exact target directory you want scanned. The script will read every matched file and can reveal secrets.
2) Be aware that SKILL.md requires outputting the full report to chat, which will include detected secret lines (truncated but potentially sensitive); do not run it in a channel or conversation that is public or archived if you do not want those secrets recorded.
3) If you prefer, run bash scripts/publish-check.sh locally in a terminal yourself and inspect the results before copying any parts into chat.
4) Review the actual repository copy of scripts/publish-check.sh (the provided excerpt was truncated in the listing) to ensure no later-added behavior (network calls, uploads, or obfuscation) exists.

If you want to proceed, ask the user to explicitly confirm the target path and confirm they understand that the report may contain sensitive data.

Review Dimensions

Purpose & Capability
ok · The name/description state a pre-publish privacy scan and the bundle includes a shell scanning script (scripts/publish-check.sh) plus SKILL.md instructions that call that script. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
note · SKILL.md mandates running the included script against the target skill directory and printing the full scan report to chat ("do not summarize or omit anything"). That is coherent with vetting, but it explicitly instructs the agent to output detected sensitive lines (partially truncated by the script). This means secrets discovered by the scan will be echoed into the conversation/chat logs: expected for a vetter, but a privacy risk the user should be aware of.
Install Mechanism
ok · No install spec; this is instruction-only with an included shell script. The script uses only local POSIX tools (grep/sed/find) and writes to a temporary file. No downloaded code or external package installs.
Credentials
ok · The skill requests no environment variables or credentials. The scanner operates on file contents only and does not attempt to read config paths or other skills' secrets.
Persistence & Privilege
ok · The skill's always setting is false, its autonomous invocation defaults are unchanged, and it does not modify system state or other skills' configs. It writes only a temporary results file and prints a report.