Skill v1.0.0

ClawScan security

Changelog Curator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 1:37 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and requirements are consistent with a changelog/notes curator: it needs only python3, includes a local script to produce structured markdown from supplied inputs or directories, and does not request credentials or perform network exfiltration.
Guidance
This skill appears to do what it says: it generates structured changelog drafts from supplied text or a supplied directory and includes a local Python script for auditing. Before running: (1) Inspect scripts/run.py yourself (it is readable and included). (2) Avoid pointing --input at root or large private directories — restrict input to the repo or files you intend to process to prevent accidental scanning of sensitive files. (3) Use --dry-run or run with example input first, and review generated drafts before publishing. (4) There's no network activity or credential access in the bundle, but still treat any inputs containing secrets or PII as sensitive and redact them before use.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose is to curate changelogs from change lists/PR summaries, and the bundle includes a Python script and templates that implement that. The script also supports directory audits and simple pattern scanning (e.g., headings extraction, CSV inspection, secret-like pattern detection). Those extra audit modes are plausible for assisting changelog generation from a repo, but are broader than the minimal 'changelog-only' functionality (it can read many file types in a provided directory).
Instruction Scope
note: SKILL.md instructs the agent to either produce output from templates/spec.json or (if the environment permits) run scripts/run.py against a provided input path. The script will read files under the given path (various text file extensions) and can perform pattern scans for 'secret-like' strings. The instructions do not direct any external network calls, credential access, or unexpected endpoints; however, giving a repository/root path to the script will cause it to read many files, so inputs should be chosen deliberately to avoid exposing sensitive files.
Install Mechanism
ok: No install spec; instruction-only with an included local Python script. Requires only python3 and the standard library; nothing is downloaded or written to system paths during install.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. This is proportionate to the described functionality.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable. The skill can be invoked autonomously by the agent (platform default), but it does not request elevated or persistent privileges and does not modify other skills or system configurations.