Back to skill
Skillv1.0.0
ClawScan security
context-not-control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 7:55 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, runtime instructions, and requested resources are consistent with its stated purpose (a context-and-permission workflow); it reads/writes project config files but does not request credentials or perform network/exfiltration operations.
- Guidance
- This skill appears coherent and implements the described 'context and permission' workflow. Before installing/running: 1) Inspect PERMISSION_CONFIG.yaml and set conservative defaults (start at Level 2 or 3). 2) Be aware the scripts will create/append PROJECT.md and PERMISSION_CONFIG.yaml in the workspace root and may detect configs in parent directories — run them from a directory you control. 3) Ensure PyYAML is available (permission_check.py imports yaml) or run in an environment with that dependency. 4) The skill's docs describe high-autonomy behaviors (installing, deploying) as possible under 'Master' mode — those are policy choices for the agent, not automatic network actions in the shipped code; grant execution/deployment privileges only if you trust the agent. 5) If you want extra safety, run the scripts in an isolated workspace or review/adjust permission rules before allowing the agent to act autonomously.
Review Dimensions
- Purpose & Capability
- okName/description match the provided artifacts: SKILL.md + scripts implement a context-and-permission workflow (init, permission checks, update, clarification). No unrelated environment variables, binaries, or external services are required.
- Instruction Scope
- noteRuntime instructions focus on clarifying requirements and managing PROJECT.md / PERMISSION_CONFIG.yaml. The README encourages AI autonomy (installing/deploying/etc.) under 'Master' mode, which is a policy choice rather than code behavior — the shipped scripts themselves only read/write files and check permission rules. Note: scripts search parent directories for .git and for PERMISSION_CONFIG.yaml (may access configs higher in the filesystem) and use interactive prompts (input()), which can block in non-interactive environments.
- Install Mechanism
- okNo install spec; this is instruction + small utility scripts. Nothing is downloaded or extracted. The only runtime dependency of note is PyYAML (permission_check.py imports 'yaml') which is not declared in SKILL.md.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths beyond creating/reading PROJECT.md and PERMISSION_CONFIG.yaml. There are no requests for unrelated secrets or cloud credentials.
- Persistence & Privilege
- okalways:false and user-invocable (normal). The skill writes/updates files in the workspace (PROJECT.md, PERMISSION_CONFIG.yaml) which is expected for this purpose; it does not modify other skills or system-wide agent settings.