Skill v1.0.0
ClawScan security
autodl-train · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 11:23 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and runtime instructions align with its stated purpose (operating training jobs over SSH); it requires remote SSH access (as expected) and does not contain obvious unrelated network endpoints or install steps, but parts of the shared helper (common.py) were truncated so I could not fully verify SSH/password handling and remote-execution plumbing.
- Guidance: This skill appears coherent and implements what it claims: it needs SSH access to the remote AutoDL server and will run commands inside the configured project_path. Before installing or running:
  1. Treat SSH credentials as powerful; only grant access to hosts you trust. Prefer SSH keys over putting passwords in environment variables.
  2. Verify the truncated helper functions (run_remote_script, build_ssh_command, build_activation_block) to ensure they do not write secrets to disk or leak credentials and that password handling (if used) is secure.
  3. Confirm allowed_project_roots in your config so the skill cannot be pointed to an overly broad path (e.g., '/').
  4. Test first against a non-production project/host to observe behavior.
  5. If you need higher assurance, request the remaining parts of common.py (the SSH/remote-run implementation) so they can be inspected for any unsafe temporary-file or subprocess patterns.
  Overall risk is typical for any tool that executes commands on a remote server via SSH.
Review Dimensions
- Purpose & Capability (ok): Name/description match the code and SKILL.md: scripts start/resume training, check status, monitor resources and parse logs. Declared behavior (SSH to host, operate inside a configured project_path, read logs, detect failures) is exactly what the included scripts implement.
- Instruction Scope (ok): SKILL.md instructs the agent to run the included scripts and to operate only inside project_path; the scripts follow that model (they create a launcher in the project directory, read log files from configured candidates, run nvidia-smi and /proc reads on the remote host). There is no instruction to collect or transmit files to third-party endpoints beyond SSHing to the target server.
- Install Mechanism (ok): No install spec is present (instruction-only skill with local Python scripts). Nothing is downloaded or executed from arbitrary URLs; risk from installs is minimal.
- Credentials (note): The skill requests no required env vars but supports many AUTOCLAW_* environment overrides (host, username, ssh key path, and ssh password among others). Those variables are relevant to SSH-based operation. Note: providing an SSH password in environment is supported (AUTOCLAW_TRAIN_SSH_PASSWORD); this is expected but raises the usual operational risk of password-in-env exposure; prefer SSH keys. All declared env mappings are proportional to the task.
- Persistence & Privilege (ok): Skill does not request permanent/global privileges (always=false). Its operations are limited to running commands on a user-provided remote host and creating a launcher file inside the configured project_path. It does not attempt to modify other skills or system-wide settings.
