Skill v1.0.10
ClawScan security
Local Context Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 24, 2026, 1:37 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (search local documents) matches what its instructions ask the agent to do, but the runtime guidance encourages autonomous indexing, background services, and automatic initialization that could access or persistently monitor local files without clear, explicit user consent — review before installing.
- Guidance: Before installing or using this skill:
  - Review the upstream project: inspect the GitHub repository (whyischen/context-bridge) and the pip package contents to confirm there is no unexpected network-sending code or privileged behavior. Verify package integrity and publisher identity.
  - Do not allow automatic or silent initialization: refuse any agent-initiated 'auto-download & initialize' flows. Require explicit, user-driven installation and configuration steps.
  - Control what is indexed: only add directories you explicitly approve; avoid adding home directories, cloud-sync folders, password/key stores, or other sensitive locations.
  - Inspect the default config (~/.cbridge/config.yaml) before starting the service. Ensure 'serve' does not bind to public interfaces or enable remote access without authentication.
  - Prefer running the agent in an isolated environment (VM/container) if you are unsure about the package's provenance.
  - If you need the feature but cannot audit the code, consider alternatives (well-known local search tools) or ask the skill author for a signed release and reproducible build instructions.

  If you want, I can: list exact checks to run on the pip package, suggest safer configuration options for cbridge, or draft a confirmation prompt the agent should require before any installation or directory watching.
Review Dimensions
- Purpose & Capability (note): The name/description (search local Word/Excel/PDF/Markdown) aligns with the instructions (calls a local CLI 'cbridge' to index and search files). Requiring pip to install the helper is reasonable. Minor mismatch: the README/flowchart implies automatic download & initialization and recommends default config, which goes beyond a passive search helper and should be explicit to the user.
- Instruction Scope (concern): SKILL.md instructs the agent to 'act autonomously' and 'seamlessly invoke cbridge search' without explicitly asking the user unless authorization is required. It also instructs using cbridge to add watched directories, rebuild indexes, and read full documents when snippets are insufficient. That gives the agent broad discretion to enumerate and read local files; the document does not define explicit consent/authorization checks or limits on which directories to index.
- Install Mechanism (note): No platform install spec was provided (instruction-only), but SKILL.md instructs 'pip install cbridge-agent'. Using pip is common but allows arbitrary code execution from a package; the skill relies on installing a background agent via pip rather than only using existing, audited system tooling. The repository URL is provided for audit, which helps, but the skill does not force a vetted install path or warn about verifying package origin.
- Credentials (note): The skill does not request environment variables or external credentials, which is proportionate. However, it expects to create and use local config (~/.cbridge/config.yaml) and workspace (~/.cbridge/workspace) and to be allowed to watch arbitrary directories; those filesystem privileges are intrinsic to the feature and should be explicitly authorized by the user.
- Persistence & Privilege (concern): The instructions include commands to start a background service (cbridge start), run an API (cbridge serve), and watch directories for changes. That creates persistent, long-lived access to local files and an API surface that could expose indexed data. Combined with the 'act autonomously' guidance, this raises notable persistence and privilege concerns if the agent starts these services without clear user approval or proper network/ACL restrictions.
