Skill v5.0.0
ClawScan security
Brother DCP-T426W Printer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 12, 2026, 1:30 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill's files and runtime instructions are consistent with a local-network printer helper — it requires only CUPS/local TCP access to a specific printer IP and does not request unrelated credentials or external endpoints.
- Guidance: This appears to be a straightforward local printer helper, but review a few things before installing/running:
  1) The script hardcodes PRINTER_IP (192.168.50.232) and PRINTER_NAME — verify this is your printer or edit the script to use a configurable argument rather than the hardcoded IP.
  2) The SKILL.md instructs you to run sudo lpadmin to add a printer — only run those commands if you trust the printer/network and understand that they modify your CUPS config.
  3) The package contains unrelated sonoscli files in the manifest and mentions backup driver files in docs that aren't present — this looks like packaging noise, not malicious behavior, but worth noting since the source/homepage are unknown.
  4) Inspect scripts/print.py yourself (it is short) before executing; it only opens TCP to the LAN printer and spawns lp/lpstat, but make sure your environment and network policies permit that.

  If you want safer usage, change the code to accept a --host/--ip argument and avoid running privileged setup commands automatically.
Review Dimensions
- Purpose & Capability (note): The name/description match the included CLI script: code talks to a Brother printer over IPP/CUPS or TCP port 9100. One minor oddity: the printer IP (192.168.50.232) and printer name are hardcoded in scripts/print.py rather than being declared configurable in SKILL.md, which reduces flexibility but is plausible for a device-specific skill. The manifest also contains unrelated Sonos helper files (skills/sonoscli/*) which are unnecessary for this printer skill and look like leftover/packaging noise.
- Instruction Scope (ok): SKILL.md instructs only on printing setup and operation (installing CUPS, running lpadmin, using the included script). The instructions ask for one-time sudo actions to add a CUPS printer (expected). Runtime instructions and the script only access the local network printer and local CUPS commands; they do not collect or transmit data to external endpoints.
- Install Mechanism (ok): No automated install spec is provided (instruction-only + a Python script). That keeps the on-disk footprint minimal and avoids third-party downloads — consistent with the skill purpose.
- Credentials (ok): The skill declares no required environment variables or credentials and the code does not read secrets or other env vars. It only uses local system commands and a hardcoded LAN IP, which is proportionate to printing functionality.
- Persistence & Privilege (ok): The skill is not always-enabled and uses normal model invocation defaults. The SKILL.md asks the user to run privileged lpadmin commands for initial CUPS setup, but the script itself does not modify other skills or system-wide settings beyond what the documented setup requires.
