Skill v1.0.0

ClawScan security

skill-update-delta-monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 8:35 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's declared purpose (detecting post‑install changes in other skills) matches the tools it requests and the runtime instructions; nothing in the manifest or SKILL.md is disproportionate or unrelated to that purpose.
Guidance
This skill appears coherent for its stated purpose. Before using it, be aware that: (1) it will need read access to skill repositories or snapshots and may clone/fetch code and manifests (network access) to compute diffs; (2) it does not request credentials up front, so you must supply any private repo or registry credentials manually if needed; (3) the tool can only surface changes (not intent)—you should review flagged deltas manually before acting (especially permission expansions or new outbound endpoints); and (4) if you allow the agent to run this skill autonomously, it will be able to access any repositories or local paths you grant it, so limit those permissions to what’s strictly necessary.

Review Dimensions

Purpose & Capability
ok: Name/description, required binaries (git, curl, python3), and declared inputs (skill id, local directory, snapshots) align with a delta/manifest/diffing tool. Asking for git/curl/python3 is reasonable to fetch versions, clone repos, and run analysis; no unrelated credentials or system paths are requested.
Instruction Scope
note: SKILL.md is high‑level and instructs the agent to compare SKILL.md, dependency manifests, endpoints, and git history. This is coherent for the stated goal, but the instructions are broad (network fetches, repo cloning, reading skill files) so the agent will need access to skill repositories and snapshots — the user should be aware that running the skill entails reading skill code and metadata, and possibly contacting remote registries or endpoints to fetch versions.
Install Mechanism
ok: Instruction-only skill with no install spec or downloadable artifacts; this minimizes disk writes and arbitrary code installation and is appropriate for a monitoring/diffing skill.
Credentials
ok: No environment variables, credentials, or config paths are requested. That is proportionate: the skill can operate on local snapshots or public registries without pre-provisioned secrets. If private repos/registries are required, the tool will need explicit, user-provided credentials at runtime — which is appropriate rather than baked into the skill.
Persistence & Privilege
ok: always:false and default agent invocation settings are used. The skill does not request persistent system-level privileges or to modify other skills' configs. Autonomous invocation is allowed by default but not excessive given the skill's benign monitoring purpose.