solo-init

clawhub:solo-init

View source

100/100

First Seen

Feb 20, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Unscoped Bash tool in allowed tools INDIRECT_010

command-execution L10

Detects skills that include unscoped Bash in their allowed tools list (not Bash(cmd:*) scoped)

allowed-tools: Read, Grep, Bash,

FIX

Scope the Bash tool to specific commands using allowedTools patterns (e.g., Bash(git *) instead of bare Bash). Remove blanket Bash access from allowed_tools lists.

FP?

Likely FP if the Bash entry in allowed_tools is part of a constrained configuration that limits commands elsewhere (e.g., via system prompt restrictions).

LOW

pip install arbitrary package EXTDL_009

external-download L107

Detects pip install of arbitrary packages that modify the host environment

pip install so

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.