Back to skill
Skillv1.0.0
ClawScan security
agent-architecture-evaluator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 3:35 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, instructions, and minimal runtime artifacts are consistent with an architecture-review helper and do not request unrelated credentials, installs, or persistent privileges.
- Guidance
- This skill appears coherent and low-risk: it ships templates, documentation, and a small Python script that renders a JSON architecture review to Markdown. Before using, review how you supply input to the script: it reads a file path you provide, so avoid pointing it at local files that contain credentials or other sensitive data. If you intend to allow autonomous invocation or run the script in an automated environment, run it in a sandbox or inspect the script first (it's short and included). Otherwise, no additional credentials, network endpoints, or installs are required.
Review Dimensions
- Purpose & Capability
- okName and description match the included assets (templates, references, example input) and a small helper script. There are no unrelated env vars, binaries, or config paths requested.
- Instruction Scope
- okSKILL.md stays focused on mapping architectures, failure modes, tests, and measurements. It does not instruct reading arbitrary system secrets, contacting external endpoints, or performing actions outside the stated scope.
- Install Mechanism
- okNo install spec is provided (instruction-only). The only executable is a small local Python renderer; there are no downloads, external package installs, or extracted archives.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. Nothing requests broad secrets or unrelated service tokens.
- Persistence & Privilege
- okalways:false and no persistent install behavior. agents/openai.yaml contains allow_implicit_invocation:false which further limits implicit invocation on that interface. The skill does not modify other skills or system-wide settings.