Skillv1.0.0

ClawScan security

MyVibe Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:40 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement the described MyVibe publishing workflow, but its runtime instructions ask the agent to escalate sandbox/network permissions and install/run external npm packages (including global installs and npx), read/write local files (including ~/.myvibe), and spawn processes — actions that increase risk and deserve careful review before installing.
Guidance: This skill generally does what it claims, but it requires running network-enabled commands, installing npm packages (potentially globally), starting local servers, and writing files in your home and /tmp directories. Before installing or invoking it: 1) Review scripts/utils/auth.mjs to see how access tokens are obtained/stored and where tokens are written; 2) Audit package.json/package-lock.json (and the @aigne dependencies) for any packages you don't trust; 3) Avoid granting a broad/elevated sandbox permission unless you run the skill in an isolated environment (VM or disposable container); 4) Be cautious about allowing global installs (agent-browser) and npx runs — prefer installing required dependencies in an isolated environment under your control; 5) If you need only metadata or simple uploads, consider using a narrower tool that doesn't request global installs or elevated sandbox privileges. If you want, I can inspect auth.mjs (not shown fully) and the remaining truncated files for token storage or other sensitive behavior to refine this assessment.

Review Dimensions

Purpose & Capability: okThe name/description (publish static HTML/ZIP/dir to MyVibe) matches the included scripts: uploading via TUS, conversion polling, screenshot generation and publishing metadata. Reading git remote, zipping directories, creating screenshots, and uploading are all coherent with the stated purpose.
Instruction Scope: concernSKILL.md instructs the agent to run network-enabled Bash commands, potentially globally install agent-browser (npm install -g agent-browser), run `npx http-server`, run `agent-browser` (which manages Chromium), run `npm install` for script dependencies, and run git commands. Those steps require filesystem access, process spawning, network access, and installing third‑party software — broader scope than a purely read-only metadata extractor. The instruction to run Bash commands with `sandbox_permissions=require_escalated` is unusual and raises privilege concerns.
Install Mechanism: noteThere is no formal install spec, but package.json and package-lock.json are included and the SKILL.md explicitly tells operators to run `npm install` (or `npm install -g agent-browser`) and uses `npx` to run http-server. This means dependencies will be fetched from the npm registry at runtime (moderate risk). No downloads from suspicious URLs were found, but dynamic installs and npx execution increase attack surface.
Credentials: okThe skill does not request unrelated environment variables or cloud credentials. It performs reasonable local operations for publishing (reads files, reads git remote, writes publish history to ~/.myvibe, creates /tmp artifacts) and uses an OAuth/authorization flow (getAccessToken) rather than asking for secrets in env vars. Those behaviors are proportional to the publishing task but involve storing state in the user's home directory and using bearer tokens at runtime.
Persistence & Privilege: noteThe skill is not 'always' installed. It does persist publish history to ~/.myvibe/published.yaml and writes /tmp screenshot result files. The runtime instructions may install global binaries (agent-browser) and run npx which can add software to the environment. The SKILL.md request to run commands with elevated sandbox/network permissions is notable and increases the blast radius if granted.