Back to skill
Skillv1.0.0
ClawScan security
Estate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 6:59 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, high-level specification that is internally consistent with its stated purpose and requests no credentials or installs.
- Guidance
- This skill is essentially a one-page specification: it asks for nothing and does nothing by itself, so immediate technical risk is low. Before using it in production, ask the publisher for concrete runtime instructions or implementation code, a privacy/security design (how titles are stored, who can access them), and source provenance. If you plan to grant it access to systems or secrets later, require explicit documentation and review of the code that will run. If you need a working feature rather than a conceptual spec, request an implementation and test plan.
Review Dimensions
- Purpose & Capability
- okThe name and description describe an asset/title management framework and the SKILL.md content enumerates related modules (Title, Legacy, RWA). There are no declared binaries, env vars, or installs that contradict this purpose.
- Instruction Scope
- noteThe SKILL.md is extremely high-level and contains no concrete runtime commands or data-access instructions. That keeps immediate risk low, but its vagueness means an agent or future code could be given broad discretion unless further restricted.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be written to disk or downloaded during install.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths; nothing disproportionate to the stated purpose is required.
- Persistence & Privilege
- okalways is false and model invocation is allowed (platform default). The skill does not request permanent presence or elevated system privileges.