Skillv1.0.0

ClawScan security

Smart Summarizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 9, 2026, 4:04 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only summarizer that only asks for URLs or pasted text and does not request credentials, install software, or perform unrelated actions — its declared requirements match its described purpose.
Guidance: This skill appears internally consistent and low-risk because it only describes how to summarize content you supply. Before using it: do not paste sensitive secrets, credentials, or private data you don't want processed by the agent; be aware that summarizing a URL implies the agent (or your environment) may fetch remote content—only allow public URLs you trust; if you need the agent to fetch web or YouTube content, confirm how the agent will perform fetching (network access, scraping, or third-party services) and whether you consent to that network activity. If you require stronger guarantees (no external fetching, local-only processing, or audit logs), request those constraints explicitly or avoid pasting private documents.

Purpose & Capability: okName/description (summarize articles, PDFs, videos, pasted text) align with the SKILL.md instructions. The skill declares no binaries, env vars, or installs, which is proportionate for an instruction-only summarizer.
Instruction Scope: okRuntime instructions only tell the agent to accept URLs or pasted text and return summaries in several modes. The SKILL.md does not instruct the agent to read local files, environment variables, or system config, nor to exfiltrate data to third-party endpoints beyond fetching public URLs/text provided by the user.
Install Mechanism: okNo install spec or code files are present (instruction-only). Nothing will be written to disk or downloaded by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths. This is proportional to the claimed functionality.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request elevated or persistent privileges or modify other skills or system settings.