Trusted ClawHub Install Gate
PassAudited by ClawScan on May 15, 2026.
Overview
The skill is a coherent install-audit helper, but users should remember it relies on an external CLI and can change installed skills only after explicit approval.
This looks safe to use as an audit aid if you already trust the `clawhub-install-gate` CLI. Before approving any install, confirm the exact target directory, whether it is workspace-local or global, whether replacement is needed, and what files or lockfiles may change.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a local audit command and, if the user approves, install or replace a skill.
The skill directs the agent to use a local CLI and allows installation actions that can mutate the user's skill environment, but it also sets clear approval and blocking rules.
Run `clawhub-install-gate inspect <path>` first. ... Only install on `REVIEW` after explicit user approval
Use it on a specific local skill path, review the PASS/REVIEW/BLOCK explanation, and only approve install, replace, or review-override flags for a destination you understand.
Security depends partly on the `clawhub-install-gate` binary already installed on the machine.
The required CLI implementation is not included in the scanned artifacts, so the review can assess the instructions but not the binary that will actually run.
Required binaries (all must exist): clawhub-install-gate ... No install spec — this is an instruction-only skill. ... No code files present
Install or use the required binary only from a source you trust, and verify its version/provenance before relying on this skill.