Back to skill
Skillv1.0.0
ClawScan security
Internet Lookup Verifier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 8:33 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and behavior are consistent with its stated purpose (performing web lookups to verify answers); it requests no credentials, has no install steps, and stays within expected scope.
- Guidance
- This skill is instruction-only and coherent with its purpose: it performs searches and returns cited sources. Before enabling, confirm that your platform's web_search/web_fetch implementations are trustworthy and respect privacy (to avoid fetching sensitive, link-tracking, or malicious pages). If you prefer tighter control, ensure the agent's invocation policy limits when the skill can run or require user confirmation before it performs external fetches.
Review Dimensions
- Purpose & Capability
- okThe name/description (verify answers via internet lookup) aligns with the instructions: use web_search and web_fetch, extract title/URL/snippet, evaluate sources, and return a short answer with references. No unrelated binaries, env vars, or installs are requested.
- Instruction Scope
- okSKILL.md confines actions to search/fetch/evaluate web results. It does not instruct reading local files, environment variables, or sending data to external endpoints beyond retrieving public web pages. The trigger language is reasonably scoped (keywords like 'verify', 'source'), though triggers depend on the agent/system prompt.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This minimizes risk from arbitrary code or disk writes.
- Credentials
- okNo required environment variables, credentials, or config paths are declared or referenced in SKILL.md. The skill's operations (search/fetch) do not need additional secrets, so requested privileges are proportional.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request permanent installation or elevated system privileges. It relies on platform-provided web_search/web_fetch tools, which is normal for this capability.