Skill v1.0.2

ClawScan security

CHIS/CHISF · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 26, 2026, 3:01 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill is a simple wrapper for running clawhub installs and is mostly coherent, but it omits declaring required binaries, hard-codes an author-specific home path, and explicitly recommends force-installing packages flagged as suspicious — these inconsistencies warrant caution.
Guidance
This skill is essentially a shortcut for running 'clawhub' install/inspect commands, but there are a few red flags to consider before installing or running it:

- Verify you have and trust the 'clawhub' binary. The skill assumes clawhub exists but the metadata does not declare it. If you install this skill, ensure 'clawhub' is the expected, official tool on your system.
- Be cautious about the advice to use --force on 'flagged' packages. Force-installing packages that are flagged as suspicious bypasses safety checks and can install malicious code; prefer to inspect packages and understand why they were flagged before forcing installation.
- The script and docs use a hard-coded home path (/Users/zququ/...). Update the default workdir to a path appropriate for your machine or always pass an explicit --workdir to avoid accidental writes to an unexpected location.
- The SKILL.md mentions a local fallback binary (/Users/zququ/.local/bin/clawhub-install-safe). If such a binary exists on your system, inspect it before running it; do not execute unknown local binaries without review.

If you want to use this skill: (1) edit the script or wrapper to remove or replace hard-coded paths, (2) add 'clawhub' to the declared required binaries, and (3) avoid blindly following the recommendation to force-install flagged packages. These changes would make the skill much more trustworthy.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose is to standardize installs via clawhub, but the metadata declares no required binaries while both SKILL.md and the included shell script assume the 'clawhub' command (and optionally a local fallback at /Users/zququ/.local/bin/clawhub-install-safe). The absence of 'clawhub' in required binaries is an incoherence.
Instruction Scope
concern: Instructions are limited to running clawhub install/inspect, which matches the purpose, but they also (a) hard-code an author-specific default workdir (/Users/zququ/.openclaw/workspace), and (b) explicitly recommend using --force to install packages even when 'flagged as suspicious', which encourages bypassing safety checks and is a policy risk.
Install Mechanism
ok: No install spec; this is an instruction-only skill with a simple included bash script. There are no downloads or archive extracts, so the install mechanism itself is low-risk and consistent with the stated function.
Credentials
note: The skill does not request credentials or environment variables, which is proportional. However, it references specific filesystem paths in examples and a local fallback binary path that are tied to the packager's home directory; this is unusual and could cause accidental writes or execution in unexpected locations.
Persistence & Privilege
ok: The skill does not request permanent presence (always is false) and is user-invocable. It does not modify other skills or system configuration in its instructions; persistence/privilege demands are reasonable.