Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic and detects exfiltration and injection threats in real time.
Security Analysis
medium confidence
The skill's documentation describes a powerful MITM proxy (which legitimately requires system CA installation and proxying), but the package is instruction-only and omits the actual code/assets and a trustworthy source. That mismatch and the need to modify system trust make this risky without further verification.
The name/description (ClawSec Monitor MITM proxy) match the runtime instructions (starting a local MITM proxy, installing a CA, setting HTTP(S)_PROXY). However, the skill bundle contains only SKILL.md and no code, no Dockerfile, no requirements file, and no homepage or source URL. The instructions expect files like clawsec-monitor.py, Dockerfile.clawsec, and requirements.clawsec.txt to exist — but those are not provided. That inconsistency (instructions requiring artifacts that are missing and no authoritative source to fetch them) is a significant red flag.
The SKILL.md instructs the agent/user to perform high-impact actions: generate and install a local CA into system trust stores (requires sudo), route all agent traffic through the proxy via environment variables, and view/rotate logs under /tmp/clawsec. Those steps are coherent with running a MITM proxy, but the instructions also implicitly require running an external Python script (clawsec-monitor.py) and Docker compose files that are not included. There is no guidance on verifying or obtaining the actual binary/script, and no mention of safe defaults or limitations for scope of interception (e.g., limiting to specific agent processes), which broadens the operational scope unexpectedly.
No install spec is provided (instruction-only), which by itself is low-risk — but SKILL.md references building/running Docker, a Docker image, and a Python script and dependencies (cryptography>=42.0.0). Because the skill lacks those artifacts and lacks a canonical download/source, a user would need to obtain code from an unspecified location. That elevates risk: instructions would lead an operator to run or fetch software from unknown/unverified locations.
The skill declares no required credentials or env vars, which is consistent. However, the runtime instructions ask the user to install a CA into the system trust store (modifies system-wide TLS trust) and to set HTTP_PROXY/HTTPS_PROXY env vars to redirect traffic. Those actions are proportionate to running a MITM proxy but are highly sensitive (they enable interception of TLS traffic and could capture secrets). The SKILL.md references system paths (/usr/local/share/ca-certificates, /Library/Keychains/System.keychain, /tmp/clawsec) but does not request or document checksums, signatures, or an authoritative source for the code or CA.
The skill does not request 'always: true' and does not declare permanent privileges. That is appropriate. Still, the described runtime behavior (installing a CA and routing agent traffic through the proxy) grants the proxy high ongoing visibility into agent communications while it runs. Because the skill's package does not include the code that would implement this behavior, it's unclear what code would run and what persistence it might install.
Guidance
This SKILL.md describes a legitimate-sounding MITM proxy but the package lacks the actual code, Docker files, and a trustworthy source. Do NOT install or trust a CA, change system trust stores, or globally set HTTP(S)_PROXY based solely on this skill's documentation. Before proceeding, ask the publisher for: (1) an authoritative repository or homepage, (2) the exact clawsec-monitor.py, Dockerfile, and requirements with checksums/signatures, and (3) build/run instructions and an independent audit or review. If you must evaluate the software, run it only in an isolated environment (ephemeral VM or sandboxed container) and validate artifacts (git repo, commit history, release tarballs, SHA256). Prefer per-process CA pinning or per-container trust rather than installing a system CA. If you can't obtain verifiable code or provenance, treat this skill as untrusted and avoid installing its CA or routing production agent traffic through it.
Latest Release
v1.0.0
Security proxy with HTTPS MITM for Moltbot. Monitors traffic, catches API key exfiltration, command injection, and SSH abuse. Built after finding 341 malicious skills. One-command install. Production-tested: 5,152 req/s, 34/34 tests passed.
Published by @chrisochrisochriso-cmyk on ClawHub