Skill v1.0.0

ClawScan security

HR · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 5:25 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only HR advisory system and its instructions, lack of installs, and lack of requested credentials are consistent with that purpose.
Guidance
This skill appears coherent and instruction-only, but HR work often involves sensitive personal and legal matters. Before using it: (1) avoid pasting personally identifiable information (PII), payroll data, or confidential employee records into prompts; (2) treat legal or termination advice as draft-level — verify with qualified counsel for your jurisdiction; (3) review any hiring or PIP language the skill generates for bias and fairness before applying it; (4) if you plan to integrate the skill into automated workflows, limit autonomy and add human review steps and audit logging; (5) test its templates on non-sensitive examples first to ensure they match your policies and local law.

Review Dimensions

Purpose & Capability
ok: The name and description promise HR guidance and the SKILL.md contains frameworks and step-by-step HR processes (hiring, onboarding, performance, compensation, termination, compliance). There are no demands for unrelated credentials, binaries, or platform access that would be inconsistent with an HR advisory skill.
Instruction Scope
ok: The instructions are prose, templates, and pseudocode describing HR workflows and evaluation frameworks. The SKILL.md does not instruct the agent to read system files, access environment variables, call external endpoints, or exfiltrate data. It focuses on generating guidance, templates, and process steps, appropriate for the stated purpose.
Install Mechanism
ok: There is no install spec and no code files; this is an instruction-only skill. That means nothing will be written to disk or downloaded during install, which is proportionate for a guidance skill.
Credentials
ok: The skill declares no required environment variables, no primary credential, and no config paths. For an HR guidance skill that generates templates and recommendations, requesting no secrets or platform credentials is appropriate.
Persistence & Privilege
ok: always is false and the skill is user-invocable (and may be invoked autonomously per platform defaults). There is no indication it attempts to modify agent/system config or request elevated persistent privileges.