Back to skill
Skillv1.0.0
ClawScan security
Contract Risk Review Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 1:25 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only contract review checklist and template suite that is internally consistent with no unexplained permissions, installs, or credential requests.
- Guidance
- This skill appears coherent and does what it says: provide checklists, scoring and negotiation templates for construction contracts. Before using: (1) Do not paste sensitive credentials or confidential personally-identifying information into the tool unless you trust the hosting platform and its data-retention/privacy policies. (2) Treat the output as advisory — it is not a substitute for licensed legal advice, especially for high-value or jurisdiction-specific disputes; have a qualified lawyer review critical changes. (3) Confirm how uploaded contract text is stored or logged by the platform if confidentiality is a concern. (4) Because the skill source/homepage is unknown, prefer testing it on non-sensitive sample contracts first and verify outputs against human review.
Review Dimensions
- Purpose & Capability
- okName and description (construction contract risk review) match the SKILL.md content: checklists, scoring, negotiation templates and output formats. The skill does not request unrelated credentials, binaries, or config paths.
- Instruction Scope
- okSKILL.md is a self-contained, deterministic set of steps and templates for analysing contract text and producing reports. It asks the user to paste or upload contract text and does not instruct the agent to read unrelated files, environment variables, or to transmit data to third-party endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only. Nothing is written to disk or fetched at install time.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. The functionality described (text analysis, checklists, templates) does not require secrets or external service credentials.
- Persistence & Privilege
- okalways:false and user-invocable:true. The skill does not request persistent privileges or modify other skills or system-wide settings.