Skill v1.0.0

ClawScan security

chitin-moat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 5:28 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: it provides config, validation, audit, and lookup helpers for channel-level trust tiers and does not request unrelated credentials or perform network/exfiltration actions — it is advisory and requires integration to actually enforce limits.
Guidance
This skill is a coherent, advisory toolkit for mapping channels to trust levels — it does not automatically enforce those limits. Before relying on it: (1) integrate the resolve step into your agent runtime so capability ceilings are actually enforced, (2) review and supply correct channel/owner IDs in chitin-trust-channels.yaml, (3) test the integration thoroughly (the resolve script has minor bugs: when an override matches it returns a field named 'level' containing the override pattern instead of a level, and the DM detection logic may misclassify some channel ID formats), and (4) treat the permission matrix as policy guidance only — the agent or platform must implement the enforcement hooks (e.g., blocking exec, file I/O, or secret access) to make the controls effective.

Review Dimensions

Purpose & Capability
ok · Name/description match the included artifacts: example config, permission matrix, and three small helper scripts (validate, audit, resolve). The skill requests no env vars, binaries, or installs, which is proportionate for a configuration-and-audit helper.
Instruction Scope
note · SKILL.md correctly instructs validating and auditing the chitin-trust-channels.yaml and integrating a 'resolve before responding' step into AGENTS.md. Important: the skill only supplies static scripts and guidance; it does not itself enforce runtime capability restrictions inside an agent. Users must integrate the resolve step into their agent runtime to enforce ceilings; otherwise the guidance is advisory only.
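The Guidance and Instruction Scope sections above both turn on the same point: a resolve step is only useful if it returns a real level and the runtime gates capabilities on it. The following is an added example, not the skill's own validate/audit/resolve scripts. It assumes a config layout (levels with boolean capability ceilings, an exact channel map, ordered glob overrides, a DM level and a default) and Slack-style channel IDs where a DM ID is 'D' followed by uppercase alphanumerics; both are assumptions, and CONFIG is a constructed dict standing in for a parsed chitin-trust-channels.yaml. It reproduces the two defects the scanner describes (an override match returned as the 'level', and a DM prefix heuristic) beside a corrected resolver and a deny-by-default enforcement hook.

```python
"""Added example: resolve step plus enforcement gate for channel trust tiers.
Not the skill's own code; config layout and ID shapes are assumptions."""
import fnmatch
import re

# Constructed stand-in for a parsed chitin-trust-channels.yaml (assumed layout).
CONFIG = {
    "levels": {
        "owner":   {"exec": True,  "file_io": True,  "secrets": True},
        "trusted": {"exec": False, "file_io": True,  "secrets": False},
        "public":  {"exec": False, "file_io": False, "secrets": False},
    },
    "default_level": "public",
    "dm_level": "trusted",
    "channels": {"C0123456789": "owner"},   # exact channel ID -> level
    "overrides": [                          # glob pattern -> level, first match wins
        {"pattern": "C0*", "level": "trusted"},
        {"pattern": "G*",  "level": "public"},
    ],
}

# Assumed Slack-style DM ID shape: 'D' followed by at least eight uppercase alphanumerics.
DM_ID = re.compile(r"^D[A-Z0-9]{8,}$")


def validate_config(cfg):
    """Return a list of problems; an empty list means every reference resolves to a known level."""
    problems = []
    known = set(cfg["levels"])
    for key in ("default_level", "dm_level"):
        if cfg[key] not in known:
            problems.append(f"{key} names unknown level {cfg[key]!r}")
    for cid, lvl in cfg["channels"].items():
        if lvl not in known:
            problems.append(f"channel {cid} names unknown level {lvl!r}")
    for ov in cfg["overrides"]:
        if ov["level"] not in known:
            problems.append(f"override {ov['pattern']!r} names unknown level {ov['level']!r}")
    return problems


def resolve_buggy(channel_id, cfg=CONFIG):
    """Reproduces the two defects: an override match puts its pattern in 'level',
    and DM detection is a bare prefix check that also matches names like 'DEVOPS-chat'."""
    if channel_id in cfg["channels"]:
        return {"level": cfg["channels"][channel_id], "matched": channel_id}
    for ov in cfg["overrides"]:
        if fnmatch.fnmatchcase(channel_id, ov["pattern"]):
            return {"level": ov["pattern"], "matched": ov["pattern"]}  # pattern, not level
    if channel_id.startswith("D"):
        return {"level": cfg["dm_level"], "matched": "dm"}
    return {"level": cfg["default_level"], "matched": "default"}


def resolve(channel_id, cfg=CONFIG):
    """Corrected resolution: exact ID, then overrides in order, then DM shape, then default.
    Always returns a level defined in cfg['levels'], or raises so the caller fails closed."""
    if channel_id in cfg["channels"]:
        result = {"level": cfg["channels"][channel_id], "matched": channel_id}
    else:
        for ov in cfg["overrides"]:
            if fnmatch.fnmatchcase(channel_id, ov["pattern"]):
                result = {"level": ov["level"], "matched": ov["pattern"]}
                break
        else:
            if DM_ID.match(channel_id):
                result = {"level": cfg["dm_level"], "matched": "dm"}
            else:
                result = {"level": cfg["default_level"], "matched": "default"}
    if result["level"] not in cfg["levels"]:
        raise ValueError(f"resolved to unknown level {result['level']!r}")
    result["caps"] = dict(cfg["levels"][result["level"]])
    return result


def allowed(channel_id, capability, cfg=CONFIG):
    """Enforcement hook the runtime calls before exec, file I/O or secret access.
    Capabilities the level does not list are denied."""
    return bool(resolve(channel_id, cfg)["caps"].get(capability, False))


if __name__ == "__main__":
    for cid in ("C0123456789", "C0987654321", "D0ABCDEF12", "DEVOPS-chat"):
        print(cid, resolve_buggy(cid)["level"], "->", resolve(cid)["level"],
              "exec:", allowed(cid, "exec"))
```

The corrected resolver raises rather than returning an undefined level, so a misconfigured override cannot silently widen access; the runtime should treat that exception as a deny. The `allowed` gate is the piece the scanner says the skill leaves to the integrator: without a call like it in front of each sensitive action, the permission matrix stays advisory.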
Install Mechanism
ok · Instruction-only with small included Python scripts; no install spec, no downloads, no external package pulls. Low friction and low risk from installation.
Credentials
ok · No environment variables, credentials, or config paths are requested. Scripts read only the provided YAML config and produce console output. There is no network or external endpoint usage.
Persistence & Privilege
ok · Skill is not always-enabled and does not modify other skills or system-wide settings. It doesn't persist secrets or change system configuration; it only reads a user-provided config file.