Skillv1.0.0

ClawScan security

Clean Filenames · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 16, 2026, 8:47 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose: it only renames local files to sanitize filenames and does not request credentials, network access, or other sensitive permissions.
Guidance: This skill appears to do only local filename sanitization and contains no networking or credential access. Before installing or running it: (1) test it in a safe directory or on copies of files (it will rename files and skip conflicts), (2) back up important files in case names change in unexpected ways, and (3) note that SKILL.md references a 'clean_filenames' command while the package provides tool.py — you may need to run the script directly or create a small wrapper/installation if you want a named CLI.

Purpose & Capability: okName and description match the included tool.py which sanitizes and renames filenames; there are no unexpected environment variables, binaries, or external services required.
Instruction Scope: okSKILL.md usage examples describe running a local CLI to clean filenames; the runtime instructions and the code operate only on local file paths. Minor note: SKILL.md refers to a command named 'clean_filenames' while the distributed file is tool.py (no install spec), so users may need to run the script directly or install a wrapper — this is an operational mismatch but not a security concern.
Install Mechanism: okNo install specification is provided (instruction-only with an included tool.py). Nothing is downloaded or extracted from external URLs.
Credentials: okThe skill requests no environment variables, credentials, or config paths — consistent with a local file-renaming utility.
Persistence & Privilege: okalways is false and the skill does not attempt to modify other skills or system-wide settings. It only performs local file operations when invoked.