Skill v1.0.2
ClawScan security
Workflows · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 1:29 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only playbook for authoring and running sandbox workflows; its requirements and instructions are internally consistent with that purpose.
- Guidance: This is a coherent operations playbook for creating and running sandbox workflows. It does describe and rely on workflow step capabilities that can execute shell commands, read and write files, and access KV/SQL; those are normal for a workflow system but mean you should never run unreviewed workflows. Before installing/using: (1) Confirm the 'workflow' CLI/runtime you will call is the expected/trusted tool on your system, (2) review any .ts workflow definitions in /workspace/.harness/workflows for untrusted exec/fs/kv usage, (3) keep secrets out of workflow code and logs, and (4) require explicit permission scopes and least privilege for any steps that perform writes or external actions.
Review Dimensions
- Purpose & Capability (ok): Name/description (workflow authoring, running, evaluating) match the content: CLI commands, workflow file locations, run artifacts, and evaluation/optimize loop are all directly relevant. No unrelated credentials, binaries, or installs are requested.
- Instruction Scope (note): The SKILL.md and references describe workflow step types that include powerful runtime primitives (exec, fs.promises.*, kv.*, sql, callTool). This is expected for a workflow engine because steps must run shell commands, read/write files, and use KV/SQL. Because the playbook instructs authors/operators to scaffold/open workflows in /workspace/.harness/workflows and to validate/run them, you should review workflow code before executing runs—steps can execute arbitrary host commands and access files.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files to write to disk. Low installation risk.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The playbook explicitly advises least-privilege and not including secrets in logs or skill text.
- Persistence & Privilege (ok): Skill does not request always:true, does not modify other skills, and is user-invocable only. No long-lived privileges or autonomous persistence are requested.
