Skill v1.0.0

ClawScan security

Universal Release · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 14, 2026, 1:41 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The instructions look like a plausible release workflow, but the skill omits required tooling and credential needs (git/GitHub CLI and access) and thus is internally inconsistent and needs clarification before use.
Guidance
This skill looks like a reasonable release helper but is missing important operational details. Before installing or running it: (1) confirm you have git and the GitHub CLI (gh) installed and authenticated — the skill will call them; (2) understand it will read and modify version and changelog files in your repo and may require committing/pushing changes or network access to GitHub; (3) verify what credentials/permissions the agent will use (local gh auth or a token) and avoid providing broad repo or org-level tokens unless you trust the skill; (4) run with the provided --dry-run option first and review changes locally before applying or pushing them. If the vendor/source can provide an updated SKILL.md that explicitly lists required binaries and credential guidance, re-evaluate after those corrections.

Review Dimensions

Purpose & Capability
Concern: The skill claims to automate releases, but the metadata declares no required binaries or credentials. The runtime instructions call git and the GitHub CLI (gh) and read/write repository files — these are necessary for the stated purpose but are not listed as requirements.
Instruction Scope
Concern: SKILL.md instructs the agent to run git commands, call 'gh pr view' and 'gh repo view', scan and modify changelog and version files, and insert content into files. It implicitly requires network/GitHub access and permission to write repository files, yet the instructions do not declare or constrain those actions, nor do they explain how PR numbers are resolved or how/when changes are committed/pushed.
Install Mechanism
Note: This is an instruction-only skill with no install spec (lowest install risk). However, lacking an install section increases opacity because it relies on external binaries (git, gh) and local repository state that must already exist on the host.
Credentials
Concern: The skill requires access to repository files and to GitHub via the 'gh' CLI, which implies credentials (local gh auth or GITHUB_TOKEN) and network access. No environment variables, tokens, or credential requirements are declared, making the credential needs disproportionate to the published metadata.
Persistence & Privilege
OK: The skill does not set 'always: true' and does not request persistent/global agent changes. It is user-invocable and can be invoked autonomously, which is the platform default and expected for a workflow skill.