Back to skill
Skillv1.0.1
ClawScan security
project-guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 6:17 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that guides users through filling project templates — its requested capabilities and instructions align with that purpose and it does not request credentials, installs, or unusual system access.
- Guidance
- This skill appears coherent and low-risk: it only provides prompts and markdown templates for gathering project requirements. Before installing, verify you trust the skill owner (source is unknown), and confirm the agent's workspace permissions — especially whether it will be allowed to write files in your environment. Review any generated templates before using them in production to ensure no sensitive information was inadvertently included.
Review Dimensions
- Purpose & Capability
- okThe name/description (project guidance) match the files and runtime instructions: asking questions and producing/updating markdown templates. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md limits runtime behavior to conversational prompts and generating/updating templates in the provided templates/ directory. It does not instruct reading arbitrary system files, contacting external endpoints, or exfiltrating secrets.
- Install Mechanism
- okThere is no install spec and no code to execute — this is instruction-only, which minimizes disk/network install risk.
- Credentials
- okNo environment variables, credentials, or config paths are required. The skill's functionality does not require any secrets or cloud credentials.
- Persistence & Privilege
- okalways is false and there is no indication the skill modifies other skills or system settings. Model invocation is allowed (the platform default) but the skill's instructions do not request elevated or persistent privileges.