Skill v2.2.0

ClawScan security

editor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 6:43 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions align with an editing tool: it asks for no credentials, does not install software, and its SKILL.md tells the agent to perform editing — the included Python script is a harmless output scaffold.
Guidance
This skill appears internally consistent and low-risk: it contains only editorial instructions and a tiny script that prints a structured scaffold. A few practical notes before installing: 1) The actual rewriting is performed by the agent/LLM following SKILL.md, so review how your agent provider will handle the text (privacy/retention) if you send sensitive content. 2) The included Python script does not perform edits, so any tests you run should exercise the agent behavior described in SKILL.md rather than rely on the script to transform text. 3) If you want to prevent autonomous invocation, adjust agent/skill policies (autonomous invocation is the platform default for skills, not a sign of maliciousness). If you have confidential material, try the skill first on non-sensitive samples to confirm it behaves as you expect.

Review Dimensions

Purpose & Capability
note: The name/description and SKILL.md describe an editing assistant that relies on the agent (LLM) to rewrite user-provided text. The package requests no credentials or binaries. One minor mismatch: scripts/render_output.py is only a simple scaffold that echoes input rather than performing edits, but that is consistent with an instruction-first design where the model does the actual editing.
Instruction Scope
ok: SKILL.md confines behavior to refining user-supplied text, choosing a context label, and returning structured output. It does not instruct reading unrelated files, environment variables, or sending data to external endpoints.
Install Mechanism
ok: There is no install spec (instruction-only), so nothing is downloaded or written to disk beyond the tiny included scaffold script. This is low-risk and proportional for the stated purpose.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The SKILL.md and script do not reference hidden env vars or secret material.
Persistence & Privilege
ok: The skill is not always-enabled and requests no elevated system presence. It does not modify other skills or system configuration. Autonomous invocation is allowed by default (platform standard) but is not combined with other red flags.