Is clawddocs safe?
https://clawhub.ai/skill/clawddocs
The clawddocs skill is a documentation helper for Clawdbot that provides decision-tree navigation, search scripts, and config snippets. The skill is largely benign — all shell scripts are stubs with echo-only output, no sensitive files are accessed, canary files are untouched, and network activity during install is limited to expected registry communication. The primary risk surface is the 7 shell scripts that the SKILL.md instructs the agent to execute, which could become attack vectors in future version updates.
Findings (7)
MEDIUM Shell scripts instructed for agent execution -28
SKILL.md instructs the LLM agent to execute 7 shell scripts in ./scripts/. While currently stubs with echo-only output, these scripts establish a pattern where the agent will run them on command. A future version update could introduce malicious payloads in these scripts that the agent would execute without additional user confirmation.
LOW Persona assignment and behavioral directives -15
SKILL.md assigns the agent a specific identity ('You are an expert on Clawdbot documentation') and prescribes a detailed workflow including decision trees, script execution order, and output formatting requirements. While benign in intent, this demonstrates the skill's ability to direct agent behavior.
LOW Agent directed to fetch external URLs -10
The skill instructs the agent to fetch documentation from docs.clawd.bot via shell scripts and potentially via browser tool. While the domain is legitimate and related to the skill's purpose, this establishes a pattern of external URL fetching directed by skill content.
LOW External network connection during install -15
A TLS connection to 216.150.1.1:443 was established during skill installation. This is likely the clawhub.ai registry performing the install, which is expected behavior, but the IP should be verified.
INFO Config snippets contain token placeholders -10
The snippets/common-configs.md file contains configuration templates with environment variable references like ${DISCORD_TOKEN} and ${TELEGRAM_TOKEN}. These are standard placeholder patterns and do not expose actual secrets, but users should be aware the agent may display these patterns.
INFO No npm lifecycle scripts 0
package.json contains no preinstall, postinstall, or other lifecycle scripts. The package is cleanly declared with only metadata fields.
INFO All honeypot files untouched 0
No canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were accessed or modified during the skill installation or execution.