Skill v1.0.2
ClawScan security
Local ContextBridge (Chinese) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 24, 2026, 1:36 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are internally consistent with a local-document semantic-search tool, but it instructs installing and running a third‑party pip package that will read local files — verify the package/source before installing and limit which folders are watched.
- Guidance: This skill appears to do what it says: install a local CLI that indexes and searches your documents. Before you install or run it, do the following: (1) Verify the package name and source: check that the pip package (cbridge-agent) actually corresponds to the claimed GitHub repo and review the repo or release artifacts if possible. (2) Install in an isolated environment (virtualenv/container) if you want to limit risk. (3) Do not add system or highly sensitive folders to the watch list; explicitly add only the directories you want indexed. (4) Prefer installing a pinned version and inspect setup scripts for post-install hooks. (5) If you cannot audit the code, consider running the agent with least privilege or using alternative, audited tools. These steps reduce risk from a third‑party package that will read local files and may run a background service.
Review Dimensions
- Purpose & Capability (ok): The name and description (local semantic search over Word/Excel/PDF/Markdown) match the instructions: installing a local agent (cbridge), initializing it, adding watched folders, building an index, and searching. The single declared requirement (pip) is appropriate for installing a Python CLI. The skill references creating a workspace and config under the user's home directory (~/.cbridgeworkspace, ~/.cbridgeconfig.yaml), which is consistent with a local indexer.
- Instruction Scope (note): The SKILL.md tells the agent to install and run a local CLI (cbridge), add directories to be watched, and start a background service — all expected for a local document indexer. It does direct actions that read local files and create config/workspace under the user's home, which is necessary but high‑impact: the agent (via the installed tool) will have access to any folders the user adds. The documentation also includes an automatic-download/initialization step in the flowchart that is vague about user consent and verification.
- Install Mechanism (note): This is an instruction‑only skill (no install spec in metadata) but instructs the user/agent to run pip install cbridge-agent. Installing a PyPI package is a common way to get a CLI, but pip packages execute arbitrary Python code at install/runtime — this is a moderate risk if you don't verify the package/source. The README claims a GitHub repo (https://github.com/whyischen/context-bridge) which could be used to audit the code, but the SKILL.md does not instruct verifying package provenance or pinning versions.
- Credentials (ok): No environment variables or external credentials are requested. The only config paths referenced (~/.cbridgeconfig.yaml, ~/.cbridgeworkspace) are specific to the tool and proportionate to its purpose.
- Persistence & Privilege (note): The tool includes commands to start a service (cbridge start/serve) and to watch directories, which implies running a persistent local process that has access to watched files. The skill metadata does not set always:true and does not request system-wide privileges; still, running a background service should be treated as a persistent capability and limited to explicitly chosen folders.
