Back to skill
Skillv1.2.0
ClawScan security
Debug Methodology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 6:01 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only debugging methodology whose requested artifacts and runtime instructions align with its stated purpose and it does not ask for credentials, installs, or unrelated privileges.
- Guidance
- This skill is conceptually coherent and appears to be a safe, instruction-only methodology. Things to consider before enabling it: (1) SKILL.md expects the agent (or operator) to run shell/admin commands (ps, scp, cp, pm2 restart, etc.); ensure you understand whether your agent is allowed to execute such commands automatically — if you want to avoid accidental destructive actions, require manual approval or disable autonomous invocation. (2) The deployment steps include file transfer and restarts: follow the skill's own advice about backups and verification before pushing changes. (3) The SKILL.md is truncated in the provided snippet—review the full file for any additional commands or endpoints not shown. If you want minimal risk, use this as a human-facing checklist rather than granting the agent permission to execute the suggested commands automatically.
Review Dimensions
- Purpose & Capability
- okName/description (systematic debugging) match the content: the SKILL.md and README present a step-by-step debugging and deployment checklist. There are no unrelated env vars, binaries, or opaque installs requested.
- Instruction Scope
- okThe instructions ask the agent/operator to inspect local process state, environment, venvs, logs, and to use standard admin commands (ps, ls, which, scp, cp, pm2 restart). Those actions are appropriate and expected for a debugging/deployment methodology. Nothing in SKILL.md instructs the agent to collect or transmit unrelated secrets or to phone-home to unexpected endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only. This minimizes disk-/network-based install risk.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The runtime instructions reference local system state and standard tools only, which is proportionate to the debugging purpose.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request permanent presence or attempt to modify other skills or system-wide agent configs.