Skillv1.0.0

ClawScan security

Trust · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 10, 2026, 12:36 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only advisory skill for diagnosing and improving trust; its declared requirements, instructions, and absence of installs or secrets are coherent with that purpose.
Guidance: This skill appears coherent and low-risk because it's a text-only advice framework with no code, installs, or secret requirements. Before installing, remember: (1) advice is generic—validate recommendations against your legal/privacy/HR policies before acting; (2) do not paste sensitive credentials or private documents into prompts when using the skill; (3) if you expect the agent to act on behalf of users (send emails, change systems), prefer skills that explicitly declare those integrations and required credentials. Otherwise this instruction-only skill is appropriate for generating trust diagnoses and plans.

Purpose & Capability: okThe name and description match the SKILL.md: it provides frameworks, diagnostics, and tactical advice about trust. There are no unrelated dependencies, binaries, or env vars requested.
Instruction Scope: okThe runtime instructions are purely advisory (diagnosis, plans, frameworks). They do not instruct the agent to read files, access environment variables, call external endpoints, or perform system actions outside the stated domain.
Install Mechanism: okNo install specification or code files are present. Being instruction-only means nothing is written to disk or downloaded during install.
Credentials: okThe skill requests no environment variables, credentials, or config paths; that is proportionate for a counseling/diagnostic skill.
Persistence & Privilege: okalways is false and the skill is user-invocable. It does not request persistent system privileges or to modify other skills; autonomous invocation is allowed by platform default but not additionally privileged here.