Back to skill
Skillv1.0.0
ClawScan security
Inversion Strategist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 8:26 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only 'inversion' brainstorming skill; its files, instructions, and requirements align with the stated purpose and it does not request credentials, install code, or reach out to external endpoints.
- Guidance
- This is a lightweight, instruction-only skill for structured brainstorming (inversion). It appears internally consistent and does not ask for secrets or install code. Before enabling, consider: (1) avoid feeding any sensitive credentials or private data into prompts to any skill; (2) be mindful that enumerating 'failure paths' could reveal sensitive operational weaknesses — do not use this to plan or expose harmful actions; (3) if you later combine this skill with others that do have network/credential access, review those other skills for appropriate permissions.
Review Dimensions
- Purpose & Capability
- okName/description (flip problems via inversion) match the SKILL.md and example files, which provide only procedural guidance and templates. Nothing requested or included (no env vars, no binaries, no code) is unrelated to the stated purpose.
- Instruction Scope
- okRuntime instructions are limited to asking questions, listing failure paths, categorizing them, and producing checklists. The SKILL.md does not instruct the agent to read system files, environment variables, or transmit data to external endpoints.
- Install Mechanism
- okNo install specification and no code files (instruction-only). Nothing will be written to disk or fetched at install time, which minimizes surface area for unexpected behavior.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There are no disproportionate credential or secret requests.
- Persistence & Privilege
- okalways is false and the skill is user-invocable (normal). It does not request persistent privileges or try to modify other skills or system configuration.