Scan Report
5/100
skill-guard
Scan ClawHub skills for security vulnerabilities BEFORE installing. Uses mcp-scan to detect prompt injections, malware payloads, hardcoded secrets, and data exfiltration URLs.
skill-guard is a legitimate security-scanning tool that safely stages, scans, and optionally installs ClawHub skills using mcp-scan. The pre-scan IOCs are false positives: rm -rf / is a documentation example showing what mcp-scan detects, and curl|sh for uv is a documented dependency installation command.
Safe to install
This skill is safe to use. The pre-scan flags are benign documentation examples, not actual malicious code execution.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | safe-install.sh:59 rm -rf $STAGING_DIR (cleanup), safe-install.sh:83 mv for inst… |
| Shell | WRITE | WRITE | ✓ Aligned | safe-install.sh:47-53 clawhub install, safe-install.sh:77 uvx mcp-scan |
| Network | READ | READ | ✓ Aligned | safe-install.sh:47 clawhub install (ClawHub registry), safe-install.sh:77 uvx mc… |
| Environment | NONE | READ | ✓ Aligned | safe-install.sh:13 reads CLAWHUB_WORKDIR only for config, no secrets accessed |
2 Critical · 3 findings
Critical · Dangerous Command (dangerous shell command) · SKILL.md:91 · rm -rf /
Critical · Dangerous Command (dangerous shell command) · SKILL.md:96 · curl -LsSf https://astral.sh/uv/install.sh | sh
Medium · External URL · SKILL.md:96 · https://astral.sh/uv/install.sh
File Tree
3 files · 10.0 KB · 321 lines
Shell 1f · 211L
Markdown 1f · 105L
JSON 1f · 5L
├─ scripts
│ └─ safe-install.sh (Shell)
├─ _meta.json (JSON)
└─ SKILL.md (Markdown)
Dependencies 3 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| clawhub | latest | npm | No | Official ClawHub CLI for skill installation |
| uv | latest | pip/astral | No | Python package manager by Astral; uvx runs mcp-scan |
| mcp-scan | latest | uvx | No | Security scanner by Snyk/Invariant Labs |
Security Positives
✓ Skill explicitly documents its purpose as a security scanner for ClawHub skills
✓ Allows installation of clawhub CLI and uv via standard documented commands
✓ Uses staging directory (/tmp/) for untrusted skills—never touches real skills folder until scanned
✓ Integrates mcp-scan (Invariant Labs/Snyk) for security analysis
✓ Blocks installation on threats with exit code 2 and quarantines to staging
✓ No credential theft, data exfiltration, or sensitive path access
✓ Clear exit codes (0=clean, 1=error, 2=threats found) with actionable guidance
✓ Documentation accurately reflects implementation—no doc-to-code mismatch