Skill v0.2.0
ClawScan security
Agent Causal Decision Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 9:59 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are consistent with a Python-based causal analysis tool; it asks only for git/pip/python and instructs cloning a GitHub repo and installing expected scientific packages.
- Guidance
- This skill is coherent for running A/B and DiD analyses: it clones a GitHub repo into ~/clawd and pip-installs packages, which is expected. Things to consider before installing: (1) pip installing from a GitHub repo executes that repo's install code — only proceed if you trust the repo/author; (2) the clone writes into ~/clawd and may overwrite existing files if that path already exists; (3) because this is instruction-only, there was no source code available to scan here — if you want stronger assurance, review the repository contents (https://github.com/ZhuMorris/agent-causal-decision-tool) before running pip install or git clone. If you cannot review the repo, treat the install risk as higher.
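The three guidance points above (install-time code in the repository, an existing ~/clawd target, no source available to the scanner) can be turned into a pre-flight check you run on a scratch clone before following SKILL.md. The script below is an added example written for this page; it is not ClawHub's code and not part of the skill or its repository. The repository layout it constructs (src/cli.py, requirements.txt, a setup.py with a network call), the grep patterns, and the two-argument invocation are all assumptions for illustration.

```sh
#!/bin/sh
# Added example (not ClawHub's or the skill's own code): pre-flight checks to
# run before following a SKILL.md that clones a repository and pip-installs
# from it. Paths, file contents and patterns below are assumptions.

# check_clone_target DIR -> 0 if DIR is absent or an empty directory,
# 1 if it already exists with content (the "may overwrite" caveat).
check_clone_target() {
    if [ ! -e "$1" ]; then
        return 0
    fi
    if [ -d "$1" ] && [ -z "$(ls -A "$1")" ]; then
        return 0
    fi
    return 1
}

# scan_install_hooks REPO -> 0 if setup.py / setup.cfg / pyproject.toml
# contain no command-execution or network calls, 1 otherwise (matches are
# printed). pip evaluates these files at install time, so code in them runs
# on `pip install .` or `pip install git+https://...` before any CLI is used.
scan_install_hooks() {
    found=0
    for f in setup.py setup.cfg pyproject.toml; do
        [ -f "$1/$f" ] || continue
        if grep -nE 'subprocess|os\.system|os\.popen|urllib|requests\.|curl |wget |exec\(|eval\(|__import__' "$1/$f"; then
            found=1
        fi
    done
    return "$found"
}

# scan_requirements REQ_FILE -> 0 if every requirement is a pinned PyPI
# package (name==version), 1 if any line is unpinned or pulls from a URL,
# a VCS (git+...), an editable path (-e ...) or an alternative index.
scan_requirements() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            *'://'*|*'git+'*|*'--index-url'*|*'--extra-index-url'*|'-e '*)
                echo "non-PyPI source: $line"; bad=1 ;;
            *'=='*) ;;
            *) echo "unpinned: $line"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# review_repo REPO -> 0 only if both scans are clean. Run it on a scratch
# clone (git clone --depth 1 into a temp dir) before anything lands in ~/clawd.
review_repo() {
    rc=0
    scan_install_hooks "$1" || rc=1
    if [ -f "$1/requirements.txt" ]; then
        scan_requirements "$1/requirements.txt" || rc=1
    fi
    return "$rc"
}

# make_sample_repo -> prints the path of a constructed repository tree that
# mimics the layout SKILL.md describes (src/cli.py, requirements.txt) plus a
# setup.py with a network call, so the checks above have something to flag.
# This is constructed sample input, not the real repository's contents.
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/src"
    printf 'print("cli")\n' > "$d/src/cli.py"
    printf 'click==8.1.7\nscipy==1.13.0\nnumpy>=1.26\npydantic==2.7.0\n' > "$d/requirements.txt"
    printf 'from setuptools import setup\nimport urllib.request\nurllib.request.urlopen("http://example.invalid")\nsetup(name="demo")\n' > "$d/setup.py"
    echo "$d"
}

# Assumed usage (not from SKILL.md):
#   sh preflight.sh "$HOME/clawd/agent-causal-decision-tool" /tmp/scratch-clone
# 1) refuse if the clone target already has content, 2) review the scratch
# clone, 3) only then record the reviewed commit and install from the pinned
# requirements file.
if [ "$#" -eq 2 ]; then
    check_clone_target "$1" || { echo "refusing: $1 already exists with content"; exit 1; }
    review_repo "$2" || { echo "findings above: read the repository before installing"; exit 1; }
    echo "clean: record commit $(git -C "$2" rev-parse HEAD 2>/dev/null) in the audit log, then pip install -r $2/requirements.txt"
fi
```

The grep list is deliberately broad; a match is a prompt to read the file, not a verdict. A quiet scan of setup.py only says nothing ran at install time, so the CLI the skill later executes with python -m src.cli still needs the same reading, which is why the script records the commit it reviewed rather than the branch name.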
Review Dimensions
- Purpose & Capability
- ok · Name/description (A/B and DiD analysis, audit trails) match the requested binaries (python3, git, pip) and Python packages (click, scipy, numpy, pydantic). Requiring git and pip is reasonable for cloning and installing a Python tool.
- Instruction Scope
- note · SKILL.md instructs cloning a GitHub repository into ~/clawd/agent-causal-decision-tool, running CLI commands via PYTHONPATH and python -m src.cli, and optionally saving/auditing JSON outputs. The instructions do not request unrelated files, secrets, or external endpoints beyond GitHub. Note: the instructions write files into the user's home directory (~/clawd), which is expected for a local tool but worth being aware of.
- Install Mechanism
- note · No install spec is embedded in the registry; the SKILL.md uses git clone and pip install from a GitHub repository. GitHub is a common release host (acceptable), but pip installing directly from a repo can run arbitrary installation code during install (setup/pyproject hooks). This is typical for third-party Python packages but increases risk compared to instruction-only skills that do not install anything.
- Credentials
- ok · The skill declares no required environment variables or credentials and the instructions do not reference secrets or unrelated env vars. The lack of credential requests is proportionate to the stated purpose.
- Persistence & Privilege
- ok · always:false and no requests to modify other skills or system-wide agent settings. The tool will install into the user's home directory and add its own code to PYTHONPATH at runtime, which is normal for a local CLI/library.
