Back to skill
Skillv1.0.0
ClawScan security
NeuralEntropy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 17, 2026, 6:11 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose: it locally simulates neural spiking and decodes it to cursor movement, with no network calls or credential access.
- Guidance
- This skill appears internally consistent and low-risk: it runs a local simulation and prints results, with no network access or credential use. Before installing or running: (1) review the script yourself (it's short and readable); (2) run it in a sandbox or isolated environment if you have any doubt; (3) ensure Python and numpy are installed (the skill does not include an install step); and (4) note the source/homepage are unknown—if you need provenance or maintenance, ask the publisher for more information.
Review Dimensions
- Purpose & Capability
- okThe name/description (BCI simulation & decoder) aligns with the included Python script and README. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope
- okSKILL.md and README simply instruct running the included script. The runtime instructions and script operate locally, printing results; they do not read system config, access external endpoints, or request unrelated data.
- Install Mechanism
- noteThere is no install spec (instruction-only), which is low risk. However, the code imports numpy but the skill does not declare dependencies or provide installation steps; users will need Python + numpy available to run the script.
- Credentials
- okNo environment variables, credentials, or config paths are required. The skill does not attempt to access unrelated secrets or services.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/system-wide privileges. It does not modify other skills or agent configuration.