Back to skill
Skillv0.1.0
ClawScan security
Dl Transformer Finetune · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 26, 2026, 8:06 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it provides an instruction and a small bundled script to generate reproducible fine-tuning run plans and does not request credentials, external downloads, or network access.
- Guidance
- This skill appears to do what it says: generate finetuning run plans. Before installing or running it, consider: (1) review the bundled script yourself — it writes files to whatever output path you provide and can overwrite existing files, so avoid privileged/system paths; (2) prefer running with --dry-run first to inspect output without side effects; (3) do not pass secrets or credentials in the optional input JSON; (4) validate any datasets or metrics referenced (license/risk notes are included but not enforced); (5) because the platform allows autonomous invocation, restrict when/where the agent can run this skill if you want to avoid unexpected file writes. Overall the package is coherent and self-contained.
Review Dimensions
- Purpose & Capability
- okThe name/description match the included artifacts: SKILL.md, a finetune guidance doc, and a Python script that builds run plans and model-card skeletons. No unrelated binaries, env vars, or services are requested.
- Instruction Scope
- noteSKILL.md instructs the agent to run the bundled scripts and consult the reference guide; the script only reads an optional JSON input and writes an output file (json/md/csv). This stays within the stated purpose, but note the script will create/overwrite files at the provided output path and can load a user-specified input file (size-limited).
- Install Mechanism
- okNo install spec; this is instruction-only with a small included script. Nothing is downloaded or extracted from external URLs.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The script does not access other system credentials or external services.
- Persistence & Privilege
- okalways:false and no modifications to other skills or system-wide settings. The skill can be invoked autonomously per platform defaults, but it does not request elevated or persistent privileges.