Back to skill
Skillv1.0.0
ClawScan security
Ru Pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 10:32 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Russian-language pack that does what it claims (document explanation, ЖКХ, analyses, complaints, official-language simplification, simple tax math) and requests no installs or credentials — but it will process whatever sensitive documents you paste, so treat input privacy carefully.
- Guidance
- This skill appears internally consistent and low-risk because it is instruction-only and requests no credentials or installs. However, it is intended to process private documents (contracts, utility bills, medical analyses, tax info). Before using: 1) Do not paste full personally identifying details (passport numbers, bank card numbers, complete INN/KPP) unless you trust the environment; redact or replace sensitive identifiers where possible. 2) For legal, tax or medical decisions, treat outputs as informational and consider professional review. 3) Note there is no homepage or owner information beyond an ID — if provenance matters, ask the publisher for contact or more transparency. 4) Because it runs as an agent instruction, it will see anything you give it; no code is installed locally, but platform privacy settings determine how model data is handled.
Review Dimensions
- Purpose & Capability
- okName/description align with the SKILL.md: the package lists six sub-skills that match examples and use-cases. There are no unexpected required binaries, env vars, or config paths.
- Instruction Scope
- okSKILL.md is a short instruction-only manifest that tells the agent to choose the appropriate sub-skill based on user input; it does not instruct the agent to read unrelated files, access credentials, or call external endpoints beyond the normal model runtime. Note: the skill expects users to supply documents (contracts, bills, medical results, tax numbers), so it will handle sensitive data the user provides.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or downloaded. This is the lowest-risk install posture.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The declared requirements are proportional to the stated purpose.
- Persistence & Privilege
- okalways:false (default) and autonomous invocation is not disabled (the platform default). The skill does not request persistent or elevated platform privileges.