Skill v1.0.0
ClawScan security
claude-code-local · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 4:36 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions clearly expect a local 'claude' CLI and Anthropic credentials and describe powerful file-editing modes (including a 'dangerously' bypass), but the registry metadata declares no required binaries or environment variables. That incoherence warrants caution.
- Guidance: This skill appears to be a local CLI wrapper for Claude Code and will read and (optionally) modify files in whatever project you point it at. Before installing or using it:
  1. Don't assume the registry metadata lists everything: you will likely need the 'claude' CLI (npm package @anthropic-ai/claude-code) and an Anthropic API key or token. Install the CLI from the official source and store credentials securely.
  2. Be cautious with modes that allow edits or use --dangerously-skip-permissions; test in an isolated repository or a throwaway clone first.
  3. Ask the publisher for a homepage/source repo, an explicit install spec, and declared required env vars; that information would resolve the main inconsistency and raise confidence.
  4. If you can't verify the origin, avoid granting the skill broad filesystem access or permanent credentials.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md is a CLI wrapper for running a local 'claude' (Claude Code) process against a project and describes read/edit/write permission modes. That purpose reasonably requires a 'claude' binary (or npm package) and probably Anthropic credentials, but the skill metadata declares no required binaries or env vars: a mismatch between what the skill needs and what its manifest asks for.
- Instruction Scope (note): The instructions tell the agent to cd into user projects, run the claude CLI with flags that allow file reads and edits, and optionally bypass permission checks (--dangerously-skip-permissions). Those behaviors fit the stated purpose (code editing/review) but grant significant local filesystem modification ability; the SKILL.md also recommends running diagnostic shell commands that check environment variables and PATH.
- Install Mechanism (ok): This is an instruction-only skill with no install spec or code files, which minimizes direct install risk. However, the troubleshooting text instructs users to install '@anthropic-ai/claude-code' via npm if 'claude' is missing; the skill itself does not provide or automate installation, so the user or operator must install external software before use.
- Credentials (concern): The SKILL.md checks for and references ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN, implying the need for credentials, yet the manifest lists no required env vars or primary credential. The skill operates on local repos and may execute shell commands; requiring Anthropic credentials for a local CLI is plausible, but the omission from the metadata is an important inconsistency. The --dangerously-skip-permissions mode is explicitly risky and should only be used on trusted projects.
- Persistence & Privilege (ok): The skill is not always-on and does not request elevated platform privileges. It does enable autonomous invocation by default (the platform default), which, combined with its file-editing ability, increases impact; on its own, though, that is expected behavior for a coding assistant.
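The inconsistency behind this verdict (instructions that use a binary, credentials and a permission-bypass flag the manifest never declares) and the pre-install checks in the Guidance can both be mechanised. The script below is an added example written for this page; it is not ClawHub's scanner and not the skill's own code. The SKILL.md text and manifest it runs on are constructed to resemble what the report describes, the manifest shape `{"requires": {"bins": [...], "env": [...]}}` is an assumption about the registry format, and the function names are hypothetical. It extracts the env vars, invoked binaries, npm packages and dangerous flags the instructions reference, diffs them against the manifest, and then reports which of those dependencies are absent on the local host without ever reading credential values back.

```python
"""Audit a skill's SKILL.md against its registry manifest and the local host.

Added example, not ClawHub's scanner and not the skill's own code. The manifest
shape {"requires": {"bins": [...], "env": [...]}}, the function names and the
sample SKILL.md / manifest below are all assumptions made for illustration.
"""
import os
import re
import shutil

# Constructed SKILL.md modelled on what the report describes; not the real file.
SAMPLE_SKILL_MD = """\
# claude-code-local

Runs the local Claude Code CLI against the project you point it at.
Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN before running.

Read-only review:

    cd path/to/project && claude -p "review this repo"

Edit mode (skips the interactive permission prompts):

    claude -p "fix the failing tests" --dangerously-skip-permissions

Troubleshooting:
- If `claude` is not found: npm install -g @anthropic-ai/claude-code
- Check your PATH with `which claude`
- Check credentials with `echo "${ANTHROPIC_API_KEY:+set}"`
"""

# Constructed manifest declaring nothing, mirroring the flagged inconsistency.
SAMPLE_MANIFEST = {"name": "claude-code-local", "requires": {"bins": [], "env": []}}

ENV_RE = re.compile(r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+)\b")   # FOO_BAR style names
NPM_RE = re.compile(r"npm\s+install\s+(?:-g\s+)?(@?[\w./-]+)")
INLINE_CODE_RE = re.compile(r"`([^`\n]+)`")
SEGMENT_RE = re.compile(r"\s*(?:&&|\|\||\||;)\s*")          # split command chains
TOKEN_RE = re.compile(r"^[A-Za-z][\w.-]*$")
CREDENTIAL_HINT_RE = re.compile(r"KEY|TOKEN|SECRET|PASS")
DANGEROUS_FLAGS = ("--dangerously-skip-permissions",)
# Shell builtins and diagnostics that are not the skill's real dependency.
IGNORED_COMMANDS = {"cd", "echo", "export", "set", "test", "which", "command"}


def _command_strings(skill_md):
    """Yield shell snippets: fenced or 4-space-indented lines and `inline` spans."""
    in_fence = False
    for line in skill_md.splitlines():
        if line.startswith("```"):
            in_fence = not in_fence
            continue
        if in_fence or line.startswith("    "):
            yield line.strip()
    yield from INLINE_CODE_RE.findall(skill_md)


def extract_references(skill_md):
    """Collect env vars, invoked binaries, npm packages and risky flags."""
    bins = set()
    for snippet in _command_strings(skill_md):
        for segment in SEGMENT_RE.split(snippet):
            parts = segment.split()   # first token of each chained command
            if parts and TOKEN_RE.match(parts[0]) and parts[0] not in IGNORED_COMMANDS:
                bins.add(parts[0])
    return {
        "env": set(ENV_RE.findall(skill_md)),
        "bins": bins,
        "npm_packages": set(NPM_RE.findall(skill_md)),
        "dangerous_flags": {f for f in DANGEROUS_FLAGS if f in skill_md},
    }


def find_undeclared(skill_md, manifest):
    """Compare what the instructions use against what the manifest declares."""
    refs = extract_references(skill_md)
    requires = manifest.get("requires", {})
    undeclared_env = refs["env"] - set(requires.get("env", []))
    undeclared_bins = refs["bins"] - set(requires.get("bins", []))
    return {
        "undeclared_env": undeclared_env,
        "undeclared_credentials": {v for v in undeclared_env if CREDENTIAL_HINT_RE.search(v)},
        "undeclared_bins": undeclared_bins,
        "npm_packages": refs["npm_packages"],
        "dangerous_flags": refs["dangerous_flags"],
        "coherent": not undeclared_env and not undeclared_bins,
    }


def check_local_environment(refs, which=shutil.which, environ=os.environ):
    """Report referenced binaries and env vars absent on this host (presence only)."""
    # Credential values are never read back or printed, only tested for presence.
    return {
        "missing_bins": {b for b in refs["bins"] if which(b) is None},
        "missing_env": {v for v in refs["env"] if not environ.get(v)},
    }


if __name__ == "__main__":
    report = find_undeclared(SAMPLE_SKILL_MD, SAMPLE_MANIFEST)
    report.update(check_local_environment(extract_references(SAMPLE_SKILL_MD)))
    for key, value in report.items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Run it as-is to see the sample skill fail the coherence check with both ANTHROPIC variables and the `claude` binary undeclared; feed it a real SKILL.md and manifest to get the same report for a skill you are evaluating. The regexes are deliberately loose (any FOO_BAR identifier counts as an env var, the first token of any code line counts as a binary), which errs towards flagging: for a pre-install audit a false positive costs a glance, a missed credential does not.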
