Back to skill
Skillv1.0.0
ClawScan security
study-revision-planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 9:57 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, declared dependencies, and runtime instructions are consistent with a local, audit-able study-planner that uses a small Python helper script and no external credentials or remote installs.
- Guidance
- This skill appears coherent and low-risk: it runs a small local Python script and uses a bundled template, with no network calls or secret requirements. Before running: (1) ensure python3 is the intended interpreter on your system, (2) review scripts/revision_schedule.py (it's short and readable) so you understand what input it expects and where it will write output, and (3) avoid pointing the tool at sensitive system files (the script reads a user-specified JSON and writes a CSV and could overwrite a file if you choose an existing path). If you want additional reassurance, run the script manually (python3 scripts/revision_schedule.py --help) with sample data to inspect outputs before allowing agent-driven runs.
Review Dimensions
- Purpose & Capability
- okName/description match the included artifacts: a planner SKILL.md, a small local script (scripts/revision_schedule.py), and a template CSV resource. The only declared runtime requirement is python3, which is appropriate for the bundled script. No unrelated credentials or binaries are requested.
- Instruction Scope
- okSKILL.md limits operations to planning, preview, and producing structured outputs; it explicitly recommends preview mode and not performing destructive changes without user confirmation. The script only reads a user-provided JSON file and writes a CSV; instructions do not reference unrelated files, credentials, or external endpoints.
- Install Mechanism
- okThere is no install spec. The skill is instruction-only with a local helper script; nothing is downloaded or executed from remote sources. This is the lowest-risk model for install behavior.
- Credentials
- okNo environment variables, credentials, or config paths are required. The skill requests only python3, which is proportional to running the included Python script.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated agent privileges. It does not modify other skills or system-wide agent settings.