Skill v0.1.0
ClawScan security
Chemical Storage Sorter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 9:26 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (sorting chemicals by simple compatibility rules) and it does not request extra credentials, installs, or odd system access, but its classification logic is simplistic and the SKILL.md's claim of regulatory compliance is overstated, so it should not be relied on as the sole safety authority.
- Guidance: This skill appears consistent with its stated purpose, but it uses simple keyword/example matching and does not perform SDS lookups or concentration-aware chemistry. Do NOT rely on it as the sole source for safety-critical storage decisions. Before using in production: (1) validate its classifications against your lab's SDS and EHS guidance for a representative sample of your chemicals, (2) extend or correct the keyword/example lists for lab-specific compounds, (3) confirm concentration-dependent rules (e.g., oxidizer or acid strength) with authoritative references, and (4) keep EHS or a qualified chemist in the loop for final storage decisions and regulatory compliance.
Review Dimensions
- Purpose & Capability: ok. The name/description (chemical storage sorter) aligns with the included Python implementation and SKILL.md examples. The code provides classification, compatibility checks, grouping, and a printout; these are exactly what the skill claims to do. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope: note. SKILL.md stays within the domain (classify, check compatibility, produce storage plans) and even lists explicit do-not-use cases (unknown compositions, radioactive/biohazardous materials, SDS lookup). However, the instructions assert regulatory compliance (OSHA/NFPA) while the implementation uses simple keyword and example matching; that overclaim should be treated as a functional limitation rather than an authoritative compliance guarantee.
- Install Mechanism: ok. No install spec (instruction-only) and the bundled Python script is small and self-contained. No external downloads, package managers, or remote installers are used.
- Credentials: ok. The skill requires no environment variables, credentials, or config paths. The implementation does not reference external secrets or network endpoints.
- Persistence & Privilege: ok. `always` is false and the skill does not request persistent system privileges or modify other skills. It's user-invocable and can be called autonomously (platform default), which is expected.
