Skillv1.0.0

ClawScan security

Observer Effect Probe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 22, 2026, 9:59 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: An instruction-only probe that describes techniques to detect skills which alter behavior when they detect they're being observed; its requirements (curl, python3) and scope are consistent with that purpose and it requests no credentials or installs.
Guidance: This skill is an instruction-only methodology for testing observer-effect evasion and appears internally consistent. Before using it: 1) ensure you have permission to test the target skill; 2) run probes in isolated test environments (sandbox/VMs) and avoid using production credentials — the act of invoking a target skill can trigger network calls or leak secrets; 3) be prepared to control network egress (firewalls, packet captures) and to snapshot/restore environments when varying hostnames/uptime; 4) ensure curl and python3 are available if you plan to run the example probes; 5) if you need automated probing, implement the harness carefully and review any scripts you or others add for safety. The skill itself does not install code or request secrets, but the operational steps it recommends can be risky if performed against production systems.

Review Dimensions

Purpose & Capability: okThe name and description match the content of SKILL.md. Requiring curl and python3 is reasonable for an investigator that will run requests and simple analysis scripts. No environment variables, credentials, or unrelated binaries are requested.
Instruction Scope: noteThe SKILL.md explicitly discusses checking hostnames, uptime, /proc entries, parent-process identity, network connectivity, invocation counts, and varying environment characteristics. Those checks are appropriate for an observer-effect probe, but they imply access to system-level metadata and the ability to run/observe the target skill under different environments. The instructions are descriptive (no code shipped) rather than prescriptive, but using the probe in practice will require executing the target skill and reading system artifacts.
Install Mechanism: okNo install spec and no code files — instruction-only. No downloads or archive extraction are requested, which minimizes supply-chain risk.
Credentials: okNo credentials or sensitive environment variables are requested by the skill itself. However, performing the probe may cause the tested skill to connect to external endpoints or reveal secrets if run in a production environment; the SKILL.md describes such network/behavioral observations as part of detection, which is proportionate but operationally sensitive.
Persistence & Privilege: okalways:false (not force-included) and model invocation is permitted (default). The skill does not request persistent presence, nor does it attempt to modify other skills or system-wide settings.