Skillv1.0.0

ClawScan security

Pydaqua SpaceAutonomySkill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 16, 2026, 6:01 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions are consistent with a local simulated optical-quantum terrain classifier and do not request credentials, perform network exfiltration, or install remote binaries.
Guidance: This skill appears to be a self-contained Python simulation of an optical-quantum terrain classifier and does not attempt network access or request secrets. Before installing, note: (1) the package has no homepage or known publisher — consider the usual caution for unknown sources; (2) the code requires Python and numpy (not declared) so run it in an environment with those installed or in a sandbox; (3) there are small documentation inconsistencies (failsafe threshold and metadata/version strings) — the script enforces 0.85; (4) if you do not want the agent to call skills autonomously, disable model invocation for this skill in your agent settings. If you need stronger assurance, review the included script (scripts/quantum_nav.py) yourself or run it in an isolated environment.

Purpose & Capability: okName/description match the included Python simulation (quantum_nav.py). The required resources (none) are proportional to a local simulation. Minor metadata mismatches: registry version/name differ from SKILL.md metadata, but this is cosmetic.
Instruction Scope: noteRuntime instructions describe running a local simulation and do not direct the agent to read unrelated files, environment variables, or external endpoints. Small inconsistency: SKILL.md text says failsafe below 0.8, README says 0.85 and the code uses 0.85 — behavior is defined by the code (0.85).
Install Mechanism: okNo install spec; skill is instruction-only with an included Python script. No downloads, remote installers, or archive extraction are present.
Credentials: okSkill requests no environment variables or credentials and the code does not access secrets or external services. It does require a Python runtime and numpy; these are normal for a local simulation but are not declared as required binaries.
Persistence & Privilege: okalways is false and the skill does not modify system or other-skill configuration. disable-model-invocation is default (agent may call it autonomously), which is normal and expected.