Skill v1.0.0

ClawScan security

Uncle Bob · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 10, 2026, 7:35 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only skill that provides Uncle Bob / SOLID / Clean Architecture guidance and requests no installs, credentials, or system access — its declared behavior matches its requirements.
Guidance
This skill is an offline, instruction-only guide for applying Clean Code, SOLID, and Clean Architecture — it does not request credentials, install software, or access files. It's coherent and appropriate for code review/refactoring tasks. As with any automated assistant guidance, review any suggested code changes before applying them to your codebase. If you want to prevent the agent from applying changes automatically, keep autonomous invocation disabled or require explicit user confirmation for edits.

Review Dimensions

Purpose & Capability
ok
The skill name and description promise coding/principle guidance and the bundle contains only guidance files (SKILL.md and reference docs). There are no unrelated environment variables, binaries, or config paths requested — everything requested (nothing) is proportional to the stated purpose.
Instruction Scope
ok
SKILL.md contains prescriptive coding and architecture advice only. It does not instruct the agent to read arbitrary host files, access environment variables, call external endpoints, or execute OS commands. The instructions stay within the stated scope of code review/refactoring guidance.
Install Mechanism
ok
No install spec and no code files that would be written or executed on install. Instruction-only skills present the lowest installation risk and this skill does not include downloads or install steps.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. There is nothing disproportionate or unexplained relative to a guidance/assistant skill.
Persistence & Privilege
ok
always is false (default) and the skill does not request persistent system presence or elevated privileges. Autonomous invocation is permitted by default on the platform but, given the skill's harmless footprint, this presents no added incoherence.