Skill v0.3.3

ClawScan security

Hume Network · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 6, 2026, 12:25 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (local pattern mining + anonymous sharing) matches its CLI and collector model, but the runtime instructions give broad discretion to observe local activity and to auto-share mined patterns without strong, enforceable limits — this raises privacy/exfiltration concerns that deserve scrutiny before installing.
Guidance
This skill is coherent with its stated purpose, but it asks the agent (via the hume-network CLI and collectors) to observe local workflows and potentially share derived patterns. 'Never include personal data' is a guideline, not an enforced guarantee. Before installing or running: 1) review the upstream project (https://github.com/humebio/hume-network) and the npm packages' source code and recent releases; 2) run the node in a sandbox or on non-sensitive data first; 3) disable NODE_AUTO_PROPOSE / automatic sharing until you audit how collectors sanitize data; 4) inspect what files and git metadata the collectors read; 5) prefer manual propose/vote workflows rather than auto-propose; and 6) if you must run on a machine with sensitive projects, skip or restrict the 'dev' collector. If you can provide the full SKILL.md (untruncated) or the exact npm package sources, I can give a lower-uncertainty recommendation.

Review Dimensions

Purpose & Capability
note: Name/description align with the required hume-network CLI and the documented collectors (dev, system, etc.). Asking for a local CLI binary and describing mining/voting/observing behavior is coherent. Minor mismatch: registry lists no install spec but SKILL.md metadata suggests global npm packages (@humebio/*) — reasonable but worth confirming origin.
Instruction Scope
concern: SKILL.md tells the agent to 'observe the user's workflow' and run collectors that inspect git/file activity and system events. Those instructions are broad: they imply reading filesystem, git metadata, and other local activity. The guidance to 'never include personal data' and to 'abstract before proposing' is advisory only — there is no enforcement described. This grants the agent considerable discretion to access and generate data that could be sensitive.
Install Mechanism
note: The skill is instruction-only (no code files), so nothing is auto-written by the skill. SKILL.md metadata suggests installing npm packages globally (npm install -g @humebio/hume-network @humebio/collector-dev @humebio/collector-system). Installing third-party npm packages is a moderate-risk operation (traceable via npm/GitHub but can run arbitrary code). No direct downloads or obscure URLs were found.
Credentials
ok: The skill declares no required credentials or sensitive env vars. The only runtime envs mentioned control daemon behavior (MINER_ENABLED, COLLECTORS, NODE_AUTO_PROPOSE) — these are proportional. There are no declared requirements for unrelated cloud credentials or system tokens.
Persistence & Privilege
note: always:false (no forced inclusion). The skill can run a persistent node/daemon and supports NODE_AUTO_PROPOSE, which would cause the node to automatically propose mined patterns to the network. Autonomous sharing combined with broad local observation increases privacy risk; recommend disabling auto-propose until you review collector behavior.