Skill v0.0.1
ClawScan security
Optional Strict Instructions 可选择的严格指令 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 2:17 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are internally consistent with its stated purpose of presenting choices and performing sudo/system operations, but there are a few implementation details (a missing referenced template and insecure password-handling patterns) you should review before use.
- Guidance: This skill appears to do what it claims: present choices and perform sudo/system operations. Before installing or using it: (1) Review the scripts yourself — especially scripts/strict-execution.sh — to confirm you are comfortable with how sudo passwords are requested and used. The script accepts a password as a command-line argument and echoes it into sudo -S; avoid supplying passwords as arguments (they are visible in process lists). Prefer using the script's interactive prompt or manually running the displayed commands. (2) Note that SKILL.md references scripts/template.sh, which is missing; verify there are no omitted files or hidden behavior. (3) Only provide sudo passwords to skills you fully trust; consider asking the skill to display exact commands for manual execution rather than handing over credentials. (4) If you plan to allow autonomous agent invocation, be aware this increases the blast radius for dangerous system actions; consider keeping invocation manual for sensitive tasks.
Review Dimensions
- Purpose & Capability (ok): Name and description state the skill is for sensitive operations requiring confirmation and strict adherence; the included scripts and SKILL.md provide exactly that workflow (verification, option presentation, executing sudo or non-sudo commands). There are no unrelated credentials, network endpoints, or unexpected binaries.
- Instruction Scope (concern): SKILL.md stays within the declared scope (file/service/package management, sudo workflows). However, it references scripts/template.sh, which is not present in the file manifest (likely a documentation mismatch). More importantly, the examples and scripts accept a sudo password as a CLI argument or read it and then echo it into sudo -S; this practice can expose secrets (command-line arguments are visible to other local users via process listings) and increases risk if the agent is used interactively or programmed to request secrets.
- Install Mechanism (ok): No install spec; this is instruction + script only. No downloads, package installs, or external artifacts are pulled during install, so filesystem/remote code risk from installation is low.
- Credentials (note): The skill does not request environment variables, credentials, or config paths. The only sensitive interaction is the runtime handling of sudo passwords (prompt or argument). That is proportionate to the stated purpose, but password-by-argument is unnecessary and insecure compared to prompting only or advising manual execution.
- Persistence & Privilege (ok): The skill is not always-enabled, does not request persistent privileges, and does not modify other skills or global agent config. Autonomous invocation is allowed (platform default), which is expected for a user-invocable skill.
