Skill v1.0.0

ClawScan security

Quality Convergence Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 9:34 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's instructions are coherent for a quality-assurance review engine, but the metadata sets always: true (force-inclusion) without justification — a privilege that increases risk and should be justified or removed.
Guidance
This skill itself appears to do what it says: it's an instruction-only QA/convergence engine with no network calls or credential requests. The main concern is the metadata 'always: true', which forces the skill into every agent session even when it isn't relevant. Before enabling it permanently:
1) Ask the publisher why always: true is needed and request removal or narrowing (e.g., trigger keywords or explicit opt-in).
2) Verify the repository/author (package.json points to a GitHub URL) and confirm the source matches the registry owner.
3) Test the skill using only non-sensitive example inputs to confirm it respects its block conditions and doesn't leak data.
4) If your agent can access external networks or secrets, be cautious: a permanently included skill increases exposure if it is later changed.
If the author provides a clear justification for always: true and a verified repo, confidence would increase.

Review Dimensions

Purpose & Capability (ok)
Name, description, and included files (SKILL.md, EXAMPLES.md, QUICK_REFERENCE.md, package.json) all consistently describe a guidance/analysis engine for quality acceptance and risk convergence. The skill requires no binaries, env vars, or external credentials — that matches the claimed purpose of producing structured analysis and acceptance criteria.
Instruction Scope (note)
SKILL.md is self-contained and prescribes how the agent should analyze user-submitted solutions and produce three structured outputs. It does not instruct the agent to read arbitrary system files, access environment variables, or call external endpoints. It does direct the agent to examine user-provided artifacts (expected for this kind of skill) and to stop processing for unrelated queries — which relies on the agent honoring the block conditions.
Install Mechanism (ok)
No install spec and no code files beyond documentation are present. Instruction-only skills are lowest risk for arbitrary code execution because nothing is written to disk or fetched at install time.
Credentials (ok)
The skill declares no required environment variables, no credentials, and no config paths. There are no requests for unrelated secrets or system access, which is proportionate to its stated function.
Persistence & Privilege (concern)
The skill metadata includes always: true, meaning it will be force-included in every agent run. The SKILL.md does not provide a justification for permanent inclusion. always: true combined with autonomous invocation increases blast radius if the skill or agent is later modified or misused; this setting is the primary reason for a 'suspicious' verdict.