Skill v1.2.1

ClawScan security

Checklist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 4:21 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a local checklist CLI as described, but there are mismatches (an undeclared dependency on jq and no install/wrapper for the 'checklist' command) and it writes to the user's home directory, so review and test in isolation before using.
Guidance
What to consider before installing:
- The code implements a local CLI (scripts/checklist.sh) and will create ~/.checklist and write templates there on first run — expect persistent files in your home directory.
- The script depends on the jq binary (used throughout) but the skill metadata doesn't list jq as a required binary; install jq or inspect/modify the script before running.
- SKILL.md shows commands like 'checklist run' but the bundle does not include an installer or a wrapper that puts checklist in PATH — decide how you'll install or run scripts/checklist.sh (and review it) before executing.
- There are no network calls or credentials in the examined files, but review the remainder of the script (the truncated portion) before running to confirm no unexpected network or exec behavior.
- If you want lower risk, review the script content, run it in an isolated environment (VM/container), and ensure jq is from a trusted package source. If you plan to allow autonomous agent invocation, understand the agent could execute local commands that modify files under your home directory.

Review Dimensions

Purpose & Capability
note: The files and SKILL.md align with a local checklist/agent coordination tool (templates, checklist.sh, commands like create/claim/depend). However, the shipped script relies heavily on the jq binary (JSON processing), while the skill's metadata/requirements do not declare jq as required. Also, the SKILL.md expects a 'checklist' CLI command while the code provides scripts/checklist.sh with no install script or instructions to place it on PATH — this is an incoherence between the claimed UX and the provided artifacts.
Instruction Scope
note: The instructions and examples are scoped to creating and running checklists and include expected safety checks (deadlock, loop limits). They also assume running local CLI commands that will read/write files under the user's home (~/.checklist). Reading/writing user files is expected for this purpose, but the SKILL.md is vague about how the CLI is made available and therefore grants broad discretion to run commands in the user's environment (create/modify files in HOME).
Install Mechanism
concern: There is no install specification despite a sizable executable script being included. That means the skill bundle contains code that could be executed, but there are no documented or automated steps to install or register the 'checklist' command. This discrepancy raises friction and risk: users/agents might attempt to run 'checklist' but it won't exist, or they may run the script directly without proper review. Also, the script will copy templates into ~/.checklist on first run (writing to disk).
Credentials
ok: The skill does not request environment variables, credentials, or external service tokens. Its file access is limited to the user's home directory (~/.checklist) and included template files. No network endpoints, secret exfiltration, or unrelated credentials are requested by the skill artifacts.
Persistence & Privilege
ok: The skill does persist state to ~/.checklist and creates files (agents.json, active checklists, templates). It does not request elevated privileges, is not always-enabled, and does not modify system-wide or other skills' configuration. Writing to the user's home directory is expected for a local CLI but is a persistence action users should be aware of.