Back to skill
Skillv1.0.0
ClawScan security
Form · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 7:08 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is an instruction-only, high-level specification for data/schema behavior and does not request credentials, install anything, or instruct the agent to access files or network resources — its declared purpose aligns with its content.
- Guidance
- This skill is essentially a conceptual spec: coherent with its stated purpose and low-risk as-is because it contains no executable instructions, no installs, and asks for no credentials. Before installing or enabling it for autonomous use, consider: (1) ask the author for concrete, bounded runtime steps (what files/endpoints it may touch, whether it will write schema files, example outputs), (2) avoid granting credentials or file-system access unless those are explicitly required and justified, and (3) if you are uncomfortable with broad autonomy, disable autonomous invocation or require manual approval for any actions that modify data or external systems. If you later see a version that adds commands, downloads, or env-vars, re-evaluate—those would change the risk profile.
Review Dimensions
- Purpose & Capability
- okThe name and description (schema/ontology/spec) align with the SKILL.md content, which is conceptual and focused on schema synthesis, validation, UI/interface generation, and entity binding. There are no unrelated environment requirements, binaries, or installs.
- Instruction Scope
- noteSKILL.md contains only high-level design prose and a small JSON-like primitives block; it does not contain operational commands, file paths, env-var access, or network endpoints. However the instructions are vague and permissive in intent (e.g., 'autonomous UI/UX generation' and 'entity binding'), which could be implemented to perform broad actions if later paired with code — the file itself contains no actionable steps.
- Install Mechanism
- okNo install specification and no code files are present. Instruction-only skills have minimal on-disk footprint and this one does not attempt to download or install anything.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Nothing in the SKILL.md attempts to access secrets or unrelated services.
- Persistence & Privilege
- okFlags show normal defaults (always: false, model invocation allowed). The skill does not request permanent presence or try to modify other skills or system-wide settings.