Skill v0.1.0
ClawScan security
Ghsa Skill Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 14, 2026, 8:15 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary
- The skill's stated purpose (generating vulnerability-pattern skills from GHSA/H1/NVD) is plausible, but the runtime instructions expect local scripts, the GitHub CLI/auth, and to read local plugin files while the skill declares no required binaries or credentials — the pieces are inconsistent and could lead the agent to access unexpected local data or run missing/unreviewed scripts.
- Guidance
- This skill is an instruction-only workflow that assumes you have local Python scripts, the GitHub CLI, and GitHub authentication already configured, but the package metadata doesn't declare those dependencies. Before installing or enabling it: 1) Verify the referenced scripts (scripts/*.py) exist and inspect them — the SKILL.md will make the agent run them. 2) Confirm whether you want the agent to use your 'gh' credentials (it will try to use whatever GitHub auth is available). 3) Note it asks the agent to read ~/.claude/plugins/cache/*/... — review that path for sensitive files. 4) If you proceed, run it in a sandbox or with limited credentials first, and only allow access to the specific repos/data needed. If the missing scripts/binaries are not present, the agent may attempt to execute unexpected commands or read unintended local files; demand explicit declarations (required binaries, required env vars) from the publisher before trusting this skill.
Review Dimensions
- Purpose & Capability
- note: The high-level purpose (building vulnerability-pattern Skills from GHSA/HackerOne/NVD) matches the instructions' goals. However, the SKILL.md assumes the presence of local python scripts (scripts/fetch_*.py, fetch_details.py, test_*.py) and the GitHub CLI ('gh') but the skill metadata does not declare any required binaries or credentials. That mismatch is disproportionate: a builder workflow legitimately needs GH CLI, Python scripts, and a GH token — these should be declared.
- Instruction Scope
- concern: The instructions explicitly tell the agent to run local scripts, call 'gh api', fetch diffs, and to read a writing-skills SKILL.md under ~/.claude/plugins/cache/*/superpowers/*/skills/writing-skills/SKILL.md. Those actions read local files and invoke networked APIs. The skill package contains no scripts or code, so following these instructions would cause the agent to run external/unprovided tooling or attempt to read arbitrary local plugin cache paths — scope creep from a registry skill that declares no such requirements.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files. That lowers installer risk (nothing is downloaded or written by the skill itself). However, the instructions depend on external tooling (Python scripts, gh CLI) that the agent may try to execute; absence of an explicit install step means those dependencies are unmanaged.
- Credentials
- concern: SKILL.md references GitHub authentication and uses 'gh api' (which typically requires user credentials/config) but the skill metadata lists no required environment variables or primary credential. The agent may attempt to use whatever GitHub auth exists on the host (or fail). The skill also instructs reading a path in the user's plugin cache, which may expose unrelated cached tokens or files. Required credentials and filesystem access are not declared, so requested access is not proportionately described.
- Persistence & Privilege
- note: always:false (normal) and the skill allows model invocation (default). Autonomous invocation combined with instructions to execute local scripts and call GH APIs increases potential blast radius if the agent is allowed to run commands. This is not flagged alone but should be considered alongside the other concerns.
