claw
Audited by Socket on Mar 29, 2026
2 alerts found:
Security x2
SUSPICIOUS. The skill’s purpose and capabilities mostly align, but it forwards sensitive API/auth tokens from `.env` into an unverifiable container image with unclear provenance. There is no explicit malicious endpoint in the skill text, yet the combination of raw credential access plus opaque executable/container dependency creates high security risk.
No explicit malware/backdoor behavior is evident in this Python module, but it functions as a secret-forwarding, host-mounting container launcher. The biggest security concerns are supply-chain/trust-boundary risks (mutable default image tag, user-overridable image/runtime) and potential host-path escape or expanded blast radius due to DB-derived/CLI-derived folder values being used in bind-mount and copy path construction without strong validation. If the container image or the underlying DB/environment is untrusted or compromised, the impact could include credential theft/exfiltration or unauthorized modification of mounted host data.