Skill v1.0.1
ClawScan security
Developer Docs Framework · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 4:25 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: An instruction-only documentation framework whose files, triggers, and instructions are consistent with its stated purpose and do not request extra credentials, installs, or system access.
- Guidance: This skill appears internally consistent and low-risk because it's a collection of Markdown rules, templates, and guidance with no installs or credential requests. Before enabling: 1) Verify the source repository (metadata lists a GitHub URL and an author) if you want provenance or to check licensing/attribution; 2) Review a few templates and code examples to confirm they are copy-pasteable and appropriate for your stack (the framework emphasizes runnable examples and CI testing); 3) Note the skill's instruction that its rule files be treated as authoritative — if you have other organizational style guides or compliance needs, ensure the skill's defaults won't override them; 4) Because the skill can be invoked by the agent, consider when it should be eligible (e.g., enable only for projects where you want automated doc guidance). No environment variables or installs are required, so there is no credential-exfiltration risk from this skill as packaged.
Review Dimensions
- Purpose & Capability: ok. The skill is a documentation framework (Diataxis + style guides + templates). It declares no binaries, no environment variables, no config paths, and contains many Markdown reference/rule files — all of which are appropriate for a docs framework. Nothing requested by the skill appears unrelated to its stated purpose.
- Instruction Scope: note. SKILL.md and companion files instruct the agent to use the included rules and templates as the source of truth for writing/planning/auditing docs. This is coherent for the skill's purpose. One thing to note: the skill explicitly tells the agent not to fall back on other training data when those conflict with its rules—this is a functional design choice (not a security risk) but could cause the agent to prefer the skill's guidance over other trusted sources. The instructions do not ask the agent to read or transmit external secrets or system files.
- Install Mechanism: ok. No install spec and no code files that execute — the skill is instruction-only (Markdown files). That results in minimal disk/write risk. All included files are documentation text; there are no download URLs, extracted archives, or package installs to evaluate.
- Credentials: ok. The skill requires no environment variables, no credentials, and no config paths. There are no requests for sensitive tokens or unrelated service keys. The requested resources are proportionate to a documentation/template skill.
- Persistence & Privilege: ok. The skill is not marked always:true and does not request persistent or system-wide privileges. It is agent-invocable by default (disable-model-invocation is false), which is normal for skills; however user-invocable is false and agentic is false per the metadata. There is no indication it modifies other skills or global configuration.
