Back to skill
Skillv2.0.0
ClawScan security
Systematic Debugging · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 21, 2026, 9:11 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only debugging methodology that asks for no credentials, installs nothing, and stays within the scope of debugging best-practices.
- Guidance
- This skill is a methodology guide and is internally coherent. It does not require credentials or install anything automatically. Before you act on its suggestions: (1) avoid blindly running or pasting commands into privileged shells—review them first; (2) if you choose to follow the README's git clone, inspect the cloned repository before running any scripts or code; (3) when editing/commenting code follow normal safety practices (commit or backup first) to avoid accidental data loss. If you allow autonomous agent actions, ensure the agent's execution environment is appropriately restricted so it cannot modify or exfiltrate unrelated sensitive data.
Review Dimensions
- Purpose & Capability
- okName/description (systematic debugging) matches the content of SKILL.md: a 4-phase debugging process. Nothing requested (env, binaries, installs) is unexpected for a debugging guide.
- Instruction Scope
- okRuntime instructions are strictly about observing, isolating, hypothesizing, and verifying bugs. Commands referenced (npm test, tail logs, git bisect, print statements) are appropriate for debugging and do not instruct collection or exfiltration of unrelated data. They do reference local logs (e.g., /var/log/app.log) and editing/commenting code, which are normal debugging actions.
- Install Mechanism
- noteThere is no install spec (instruction-only), so nothing is written to disk by the skill itself. README suggests a git clone of a GitHub repo — that is an optional manual action and not enforced by the skill, but cloning/running external code carries the usual risks and should be reviewed before use.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The instructions reference common local artifacts (logs, repo, tests) that are proportional to debugging tasks.
- Persistence & Privilege
- okalways is false and the skill has no install or files that persist beyond the SKILL.md/README. It does not request system-wide configuration changes or cross-skill credentials.