Back to skill
Skillv1.0.0
ClawScan security
Copyright · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 8:42 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, files, and requirements are coherent with a copyright advice/monitoring skill and do not request unrelated credentials or install code.
- Guidance
- This skill appears coherent and advisory-only: it provides copyright guidance, monitoring suggestions, and templates/examples without requesting credentials or installing code. Before using it, note two practical cautions: (1) monitoring features described (reverse-image search, YouTube Content ID, platform takedown submission) may require you to supply third-party API keys or platform account access — never paste private keys/passwords into the agent unless you trust the skill's source and understand how those credentials will be used; (2) DMCA takedowns, counter-notices, and litigation carry legal risk; consider having any formal notices reviewed by a qualified attorney before sending. If the skill later prompts for account tokens or asks to perform automated takedowns on your behalf, verify the destination and scope of those actions and prefer manual review before submission. Finally, the skill source is 'unknown' in the registry metadata — verify the publisher or prefer skills from known/trusted owners if that matters to you.
Review Dimensions
- Purpose & Capability
- okName/description (copyright advice, DMCA, fair use, monitoring) match the SKILL.md, examples, and heartbeat. The capabilities described (registration advice, fair use analysis, takedown handling, monitoring suggestions) are consistent with the content and declared metadata.
- Instruction Scope
- okAll runtime instructions are explanatory and advisory: how to evaluate fair use, how to draft takedowns, what to monitor. Monitoring recommendations (reverse image search, Google queries, platform tools like YouTube Content ID) are appropriate to the purpose and do not instruct the agent to read unrelated system files, access local secrets, or exfiltrate data. No open-ended commands grant broad discretionary access.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files to run. No downloads or package installs are required — minimal risk from installation.
- Credentials
- okThe skill declares no required environment variables, no credentials, and no config paths. That is proportionate to an advisory skill. Note: some monitoring actions described will require external platform access in practice (e.g., YouTube/Google APIs), but the skill does not automatically request these.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request persistent system presence or modify other skills. Normal autonomous invocation capability (disable-model-invocation false) is unchanged and not a concern by itself.