Skill v0.1.0

ClawScan security

Skill Seo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 22, 2026, 4:10 AM)

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions and requirements are consistent with an SEO/description-optimization tool; it does not request secrets or install software, but it assumes ClawHub CLI tooling and publishing credentials that are not declared and it contains tactics for gaming rankings (ethical concern, not a technical red flag).
Guidance
This skill is coherent with its stated purpose and is instruction-only (low technical risk). Before installing, note: (1) SKILL.md assumes the 'clawhub' CLI and basic shell tools — verify those are available and official; (2) publishing/inspection steps will require ClawHub authentication but the skill metadata doesn't declare required credentials — be prepared to provide CLI auth and avoid entering secrets into untrusted prompts; (3) the advice to repeatedly bump versions and 'seed' installs is a ranking-manipulation tactic (ethical/marketplace policy concern) — only follow it if it complies with ClawHub rules; and (4) test the workflow in a non-production environment and confirm you control the skill publishing rights before running 'clawhub publish.' If you want higher assurance, ask the publisher to declare required binaries and auth flows explicitly.

Review Dimensions

Purpose & Capability [note]
The SKILL.md content matches the advertised purpose (analyzing and rewriting SKILL.md for ClawHub discovery). However, the instructions repeatedly call out use of the 'clawhub' CLI and simple shell commands (head, bash snippets) while the skill metadata lists no required binaries—this is a minor mismatch: the skill implicitly expects the ClawHub CLI and basic shell utilities to be present.
Instruction Scope [note]
Instructions stay within the SEO/description optimization scope (read SKILL.md, run searches/inspections, generate new description, publish). They do not instruct reading unrelated system files or exfiltrating data. They do include explicit tactics that encourage frequent version bumps and seeding installs to improve ranking (i.e., advice to 'install your own skill across your agents' and bump versions), which is manipulative behavior rather than a technical incoherence—flagged as an ethical/practice note.
Install Mechanism [ok]
This is an instruction-only skill with no install spec and no code files, so there is no installer or external archive to fetch. That is the lowest technical risk for installation.
Credentials [concern]
The skill metadata declares no required env vars or primary credential, yet the runtime instructions include 'clawhub publish' and 'clawhub inspect', which normally require authentication (CLI credentials or API tokens). The omission of any declared credential requirement is an inconsistency: the skill will likely need ClawHub auth to perform publishing/inspecting but does not declare that. There's no request for unrelated secrets, but the missing declaration may cause the agent to prompt for credentials or attempt actions without clarifying expected auth.
Persistence & Privilege [ok]
The skill does not request persistent or elevated privileges (always:false, no config path writes, no self-enabling behavior in metadata). It does instruct publishing and version-bumping, but that is expected for its stated purpose and does not modify other skills or agent configs.