Safety Report

Skillscanner

Name: Skillscanner
Rating: 5 (9 reviews)
Author: rexshang

@rexshang

Security scanner for ClawHub skills from Gen Digital. Looks up skill safety via the scan API.

2,326Downloads

9Installs

9Stars

2Versions

API Integration4,971 Security & Compliance1,716 Git & Version Control784 Legal & Compliance738

Security Analysis

medium confidence

Clean

The skill's stated purpose (querying a third‑party scan API for a ClawHub skill URL) matches its instructions and requirements; it is an instruction-only skill that only posts the skill URL to a single external API and interprets the response.

Feb 11, 20262 files

Purpose & Capabilityok

Name and description say it looks up ClawHub skill safety via a scan API, and the SKILL.md instructs exactly that (POST to https://ai.gendigital.com/api/scan/lookup with the ClawHub URL). No unrelated credentials, binaries, or installs are requested. Note: source/homepage are missing, but that does not make the functionality incoherent.

Instruction Scopeok

Runtime instructions are narrow: perform a single HTTP POST with the skill URL and interpret status and severity fields. The instructions do not ask the agent to read files, env vars, or other local data. The only data transmitted is the skill URL (which may include author/slug).

Install Mechanismok

No install spec and no code files — instruction-only — so nothing is written to disk or installed by the skill.

Credentialsok

No environment variables, credentials, or config paths are requested. The skill does not attempt to access unrelated secrets. One caveat: the SKILL.md provides no auth flow; if the API required credentials this skill does not handle them.

Persistence & Privilegeok

always is false and the skill does not request persistent privileges or modify other skill/system settings. Autonomous invocation is allowed (platform default) but not excessive for this utility.

Guidance

This skill is internally consistent: it sends a ClawHub skill URL to ai.gendigital.com and uses the returned status/severity. Before installing, confirm you trust the external service (ai.gendigital.com) because the skill will transmit each scanned skill URL there. Check whether the API requires authentication (the skill provides no auth flow) and prefer scanning in a sandbox or using manual review for high‑risk skills. Because the package has no homepage or source link, prefer caution — verify the operator (Gen Digital) independently if you will rely on these scan results.

Latest Release

v1.0.1

- Added _meta.json file for metadata management. - No changes to existing skill logic or documentation.

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @rexshang on ClawHub