Skill v1.0.0

ClawScan security

Router NIMIMORE · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 1:29 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and manifest are internally consistent: it is a local, heuristic-based model router that does not request credentials, perform network access, or install extra software.
Guidance
This skill appears to be a simple, local heuristic router and is internally consistent with its description. If you install it: (1) review the GitHub repository referenced in skill.json (the provided metadata initially showed 'unknown', which is a minor inconsistency); (2) run the included tests (scripts/test.py) locally to verify behavior; (3) confirm how your platform passes query text to the tool commands (skill.json tool commands may need argument wiring); and (4) monitor future updates for any added network or credential usage, since those would change the security profile. Otherwise, there are no immediate credential or network-exfiltration concerns in the current code.

Review Dimensions

Purpose & Capability: ok
The name/description (smart model router) matches the included code and README: simple heuristics pick a model from the bundled model list. There are no unrelated environment variables, binaries, or config paths requested. Minor metadata inconsistency: skill metadata provided to you said 'Source: unknown' and 'Homepage: none' while skill.json points at a GitHub URL; this is a bookkeeping/inventory mismatch but not a functional or security problem.
Instruction Scope: ok
SKILL.md instructs the agent to run the included Python scripts and provides example CLI usage. The runtime instructions and scripts operate only on the provided query string and internal heuristics; they do not read environment variables, system files, or make network calls. Note: the tools entries in skill.json use static commands like 'python scripts/router.py --query' without showing how query text is passed by the platform; this is a functional/interop detail, not a security risk.
Install Mechanism: ok
No install spec is provided (instruction-only installation). The package includes local Python scripts but does not download or extract remote artifacts, nor does it install third-party packages. There are no suspicious external URLs or archive extracts.
Credentials: ok
The skill declares no required environment variables, no primary credential, and the code does not access os.environ or other secrets. The set of requested capabilities (none) is proportionate to the stated purpose.
Persistence & Privilege: ok
The skill does not request permanent inclusion (always:false) and does not modify other skills or system-wide configuration. It does not persist credentials or enable background services.