Back to skill
Skillv1.0.0
ClawScan security
git-cmt-helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 3:32 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested inputs and instructions match its stated purpose (generating Conventional Commits); it is an instruction-only helper with no installs, secrets, or unexpected endpoints.
- Guidance
- This skill is an instruction-only commit-message formatter and appears coherent with its purpose. If you install it, ensure your agent already has appropriate repository access (read context/diffs) because the guide suggests checking changed file paths to choose scope. No secrets or external downloads are required. Review SKILL.md and references/modules.md if you want to confirm the enforced conventions before enabling the skill.
Review Dimensions
- Purpose & Capability
- okName and description (generate Conventional Commits) match the SKILL.md content and the included modules list. The skill does not request unrelated binaries, credentials, or config paths.
- Instruction Scope
- okSKILL.md is narrowly focused on commit message structure, scope selection, examples, and rules. It references a local modules.md for valid scopes and suggests checking file paths being changed, which is reasonable for choosing a scope; it does not instruct the agent to exfiltrate data or call external endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only skills are the lowest disk-execution risk. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The constraints (valid scopes) are provided in the included references/modules.md file.
- Persistence & Privilege
- okalways is false and model invocation is allowed (platform default). The skill does not request persistent presence or modify other skills or system settings.