Skill v1.0.0

ClawScan security

Skill Lookup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 6, 2026, 1:23 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally coherent: it describes and implements a simple registry search-and-install workflow and does not request unrelated credentials or installs, but it will persist arbitrary skill files to your .claude/skills directory so you should inspect skills before installing them.
Guidance
This skill is coherent for its stated purpose, but it writes whatever files are returned by the registry into your .claude/skills folder with minimal verification. Before installing a skill retrieved by this tool: 1) Inspect the skill's file list and SKILL.md for unexpected helper scripts or executables; 2) Prefer skills from reputable authors or with documentation and checksums/signatures; 3) Require explicit user confirmation before saving/installing (do not allow autonomous installs), and if possible run newly installed skills in a sandbox or review their contents before enabling them; 4) If you want extra safety, only install skills that are instruction-only (SKILL.md) and avoid ones that include scripts or binaries.

Review Dimensions

Purpose & Capability
ok
The name/description match the SKILL.md instructions: it searches the prompts.chat registry (via search_skills/get_skill) and saves retrieved files to .claude/skills/{slug}/. There are no unrelated env vars, binaries, or installs requested.
Instruction Scope
note
Instructions are focused on searching, retrieving, and saving skill files. This is expected, but the installer saves all returned files (including helper scripts/configs) with only a minimal verification step (ensure SKILL.md exists). That means arbitrary files from the registry can be persisted on disk; there is no checksum/signature verification or explicit sandboxing described.
Install Mechanism
ok
No install spec is provided (instruction-only), so nothing is downloaded or executed by the skill itself beyond the described get_skill calls and local file writes. This is lower risk than an installer that pulls executables from arbitrary URLs.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. It only reads data returned by registry tools and writes to the .claude/skills directory as described.
Persistence & Privilege
concern
The skill persists files under .claude/skills/{slug}/ which is expected for an installer, but this grants it the ability to add arbitrary skill files into the agent's skill set. Combined with normal model invocation (disable-model-invocation=false), this could allow the agent to install new skills autonomously unless carefully governed; the SKILL.md does not require explicit user confirmation beyond the user's initial request.