Back to skill
Skillv1.0.0
ClawScan security
工作流验证器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 3:45 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only workflow verifier whose declared purpose, required resources, and runtime instructions are internally consistent and proportionate.
- Guidance
- This skill is an instruction-only checklist for reviewing workflows and appears safe and coherent. It requires you to provide the workflow or requirements text to evaluate — it won't access your files or secrets on its own. Before installing, decide how you'll supply content to the skill (pasted text, PR diff, or API), avoid providing credentials or sensitive data in that input, and test it on non-sensitive sample workflows to verify the agent's behavior and outputs.
Review Dimensions
- Purpose & Capability
- okName/description (workflow verification, Karpathy-style checklist) match the SKILL.md content. The skill is instruction-only and asks for no binaries, env vars, installs, or external config — appropriate for a checklist/review helper.
- Instruction Scope
- okSKILL.md contains a clear, narrow checklist and a short procedural flow for reviewing workflows. It does not instruct the agent to read unrelated system files, access credentials, or send data to external endpoints. The only implicit requirement is that the agent be given the workflow/requirements text to evaluate.
- Install Mechanism
- okNo install spec and no code files — lowest-risk pattern. Nothing will be written to disk or downloaded during install.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill's needs (none) are proportional to its stated purpose.
- Persistence & Privilege
- okalways is false, user-invocable is true, and model invocation is allowed (platform default). The skill requests no elevated persistence or cross-skill configuration changes.