Skill v1.0.0
ClawScan security
Capability Graph Mapper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 22, 2026, 7:09 AM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (mapping emergent capability combinations across installed agent skills) is consistent with its instructions and requirements; nothing requested appears disproportionate, but source metadata is minimal and the tool will likely need access to skill manifests or network resources when run, so verify runtime data access before installing.
- Guidance: This skill is coherent: it declares and documents its purpose and needs few resources. Before installing, confirm where the agent will fetch skill manifests from and whether the analysis results are ever transmitted externally. Specifically:
  1. Ask the publisher (or your admin) whether the tool will fetch manifests from the network and, if so, what endpoints it calls.
  2. If you plan to run it against a live agent, ensure the agent only grants it read access to skill manifests (not to secrets, .env files, or arbitrary filesystem paths).
  3. Because it uses curl/python at runtime (per metadata), run it in a sandbox or with least privilege if possible.
  4. If you need higher assurance, request a source repo or a reproducible implementation so you can audit exactly what commands it runs.
Review Dimensions
- Purpose & Capability (ok): Name, description, and SKILL.md all describe analyzing installed skills and computing composition paths. The declared requirements (curl, python3) are plausible for fetching manifests and doing analysis, though no code is provided; this is explainable for an instruction-only skill that invokes system tools.
- Instruction Scope (ok): SKILL.md focuses on enumerating declared permissions, pairwise/transitive composition, scoring, and delta analysis. It does not instruct reading arbitrary unrelated files, accessing environment variables, or transmitting results to unexpected remote endpoints. The instructions imply the agent will need access to skill manifests (local or remote), so runtime access to those manifests is expected.
- Install Mechanism (ok): No install spec and no code files, the lowest-risk form. The skill is instruction-only, so nothing will be written to disk by an installer. The only install-related artifact is the requirement that curl and python3 be present on PATH.
- Credentials (ok): The skill requests no environment variables, no credential fields, and no config paths. That is proportionate to its stated purpose. Note: to perform analysis it may need read access to skill manifests or the ability to call network endpoints (curl); these are not declared as environment/credential requirements but are reasonable runtime needs.
- Persistence & Privilege (ok): The always flag is false and the skill does not request persistent system modifications. It is user-invocable and allows autonomous invocation by default (platform normal). There is no indication it modifies other skills' configurations or requires elevated, persistent privileges.
