Skill v1.0.0

ClawScan security

Grant Thinking CN Biology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 9, 2026, 6:52 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only skill whose requested resources and runtime instructions match its stated purpose (reviewing biology grant ideas for Chinese funding); it does not ask for credentials, install arbitrary code, or perform unexpected actions.
Guidance
This skill is coherent and low-risk: it only provides instructions for how the assistant should reason about biology grant ideas and does not ask for credentials or run code. Before installing, you may want to: (1) review SKILL.md and examples to ensure the reasoning style fits your needs; (2) note that README suggests cloning the repo into your home directory if you want a local copy (cloning from GitHub is traceable and standard); (3) avoid pasting unpublished, sensitive experimental data into the skill responses if you are concerned about confidentiality; and (4) if you install it into a shared environment, confirm you are comfortable with the skill being available to other users there. Overall it appears internally consistent with its stated purpose.

Review Dimensions

Purpose & Capability
ok
The name, description, and SKILL.md all focus on diagnosing and structuring biology grant ideas for Chinese funders (NSFC/MOST). The skill declares no binaries, env vars, or credentials and does not attempt to access unrelated services — the requested capabilities are proportionate to the stated purpose.
Instruction Scope
ok
SKILL.md provides detailed reasoning instructions for the assistant (funding-level fit, biological legitimacy, mechanism spine, reviewer objections, etc.). It does not instruct the agent to read local files, access external endpoints, or exfiltrate data. The instructions are scoped to analysis and rewrite/diagnosis tasks only.
Install Mechanism
ok
There is no automated install spec embedded in the skill; README suggests optional git clone installation from a GitHub repository (well-known host). This is a low-risk, traceable installation method and no archive downloads or obscure URLs are used.
Credentials
ok
The skill requires no environment variables, credentials, or config paths. The metadata includes an OpenAI sidecar (agents/openai.yaml) with allow_implicit_invocation set, which is a platform policy hint but does not request secrets or broader system access.
Persistence & Privilege
ok
always is false and there are no requests to modify other skills or system-wide config. The skill is instruction-only and does not request permanent privileges. The OpenAI metadata allows implicit invocation, but autonomous invocation is the platform default and is not by itself a red flag.