Skillv1.0.0

ClawScan security

TaskSquad.ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 1:37 PM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The skill's description matches its stated purpose, but the runtime instructions include high-risk actions (remote install script, third-party Homebrew tap) and it fails to declare required credentials; it would allow remote tasks to be executed on your machine, so proceed only after verification and containment.
Guidance: This skill is not obviously malicious, but it has several red flags and missing declarations. If you are considering installing it: 1) Do not run curl | bash from install.tasksquad.ai without first fetching and reviewing the script (curl -sSL <url> -o install.sh and inspect). 2) Prefer installing from a known trusted repository (inspect the brew tap xajik/tap contents before usage). 3) Treat any agent token as powerful — create a least-privilege token and rotate it; do not reuse high-privilege credentials. 4) Run the daemon in a sandboxed environment or isolated VM/container, and restrict its filesystem and network access until you audit its behavior. 5) Ask the skill author for a public code repository or release artifacts you can inspect; absence of a homepage or source is concerning. 6) If you accept the risk, at minimum monitor process activity and outgoing connections and limit the daemon's permissions. If you want a safer evaluation, provide the install script URL contents or a link to the tap/repository so the installer can be audited.

Review Dimensions

Purpose & Capability: noteName/description (TaskSquad integration) align with the SKILL.md: it is intended to run a local daemon that receives and executes tasks from a central portal. However the skill's registry metadata declares no required credentials or binaries while the instructions clearly rely on an agent token and external installation steps — this mismatch is unexpected.
Instruction Scope: concernSKILL.md instructs installing a daemon that 'pulls tasks from portal every minute' and 'executes it locally and updates status' — by design this gives remote-origin tasks the ability to run on the host. The doc also shows examples using $TOKEN for Authorization despite the registry declaring no required env vars. The instructions do not tell you to sandbox or limit execution, which broadens the effective scope of what the skill can do.
Install Mechanism: concernThere is no formal install spec in the registry, but the instructions recommend: (1) brew tap xajik/tap && brew install tsq (third-party tap), and (2) curl -sSL install.tasksquad.ai | bash. Both install suggestions fetch and run code from third-party/unfamiliar sources — piping a remote script to bash is high risk unless you audit the script first. The brew tap's provenance is also unclear.
Credentials: concernThe documentation examples use an Authorization Bearer $TOKEN and describe creating agent tokens, but the skill metadata declares no required environment variables or primary credential. Requiring an agent token to authenticate a daemon that executes remote tasks is reasonable — but the token requirement should be declared. Absence of declared credentials combined with examples that use $TOKEN is an inconsistency and a risk (possible accidental exfiltration or misuse if tokens are handled improperly).
Persistence & Privilege: notealways is false (good). disable-model-invocation is false (normal), meaning the agent could autonomously call the skill. Given the skill's intended behavior (autonomously pulling and executing remote tasks), autonomous invocation plus remote execution increases blast radius — this is not a problem by itself, but it elevates risk and deserves caution.