Skill v1.0.1
ClawScan security
Hardened execution guardrails — because production only gets one chance. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 3:28 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is a pure-instruction guardrail skill whose requirements and instructions are consistent with its stated purpose of preventing destructive production actions.
- Guidance: This skill appears to be what it claims: a conservative, instruction-only guardrail for destructive operations. Before installing, check the missing pieces: (1) confirm the exact confirmation phrase and how the agent will match it (Section 6 was truncated in the provided copy), (2) test the skill in a safe environment to measure false positives and ensure it doesn't block legitimate automation, and (3) verify how it integrates with your agent pipeline — make sure other skills and automation flows will actually call or respect ProdShield when needed. Because it defaults ambiguous targets to 'production', expect extra prompts; if that's too noisy for your workflows, consider customizing the environment patterns or whitelist rules. Finally, since this is instruction-only, review the full SKILL.md (complete Section 6) and the confirmation/confirmation-handling behavior before relying on it in critical automation.
Review Dimensions
- Purpose & Capability (ok): Name/description claim a production safety guardrail and the skill only includes instruction files describing environment detection, dangerous-command patterns, and recovery playbooks. It requests no credentials, binaries, installs, or config paths — all proportionate to a safety-only skill.
- Instruction Scope (note): SKILL.md prescribes strict detection rules, pre-execution checklists, prohibited-actions lists, dry-run and confirmation protocols, and recovery playbooks — all within the scope of preventing destructive operations. The guidance is conservative (defaults ambiguous targets to production), which is intentional but may produce many false positives or block legitimate automated workflows. The distributed docs are truncated where Section 6 confirmation phrasing would appear; you should verify the exact confirmation phrase and how the skill expects confirmation to be provided.
- Install Mechanism (ok): Instruction-only skill with no install steps, no downloads, and no code to execute — minimal installation risk.
- Credentials (ok): The skill requests no environment variables, secrets, or external credentials. It only reads contextual names/URLs/connection strings from the immediate prompt context (as required to decide whether a target is production), which aligns with its stated purpose.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable; it does not request elevated permanence or modify other skills. Autonomous invocation is enabled by default on the platform, which is normal; nothing in the package attempts to force permanent inclusion or to change other skill configurations.
