Skill v1.1.1
ClawScan security
log · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 4:05 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only logger protocol whose requirements and instructions are consistent with its stated purpose and do not ask for extra credentials or installs.
- Guidance: This skill is a logging/provenance specification and is internally coherent, but the host environment is responsible for enforcing redaction, storage, and approval flow. Before enabling:
  1. Verify your host will not forward logs to external services and will store them according to your privacy policy.
  2. Test with non-sensitive inputs to confirm the agent redacts secrets and does not emit chain-of-thought.
  3. If you allow 'source_references' that include user prompts or local filenames, ensure those references do not accidentally leak sensitive content.
  4. Prefer host-side enforcement of approval gates rather than relying on the skill's textual rules alone.
Review Dimensions
- Purpose & Capability (ok): The skill declares a provenance/logging purpose and only provides instructions for emitting a structured audit record; it requests no binaries, env vars, or installs — all proportional to a logging protocol spec.
- Instruction Scope (note): The SKILL.md stays within logging scope and explicitly forbids secrets and chain-of-thought. One ambiguity: examples show source_references such as "user_prompt" and "local:file_a.md" which could surface sensitive user content or local filenames. The spec requires redaction but enforcement is left to the host; hosts should ensure agents actually redact and avoid including raw sensitive content.
- Install Mechanism (ok): Instruction-only (no install spec, no code files to execute). This minimizes filesystem/network risk.
- Credentials (ok): No environment variables, credentials, or config paths are requested; the declared requirements are minimal and appropriate for a logging/provenance specification.
- Persistence & Privilege (ok): 'always' is false and the skill does not request persistent or elevated privileges. Model invocation is allowed (default) but that is expected for an agent-invocable skill and not, by itself, a concern.
