Skill v1.0.1

ClawScan security

stream-formatter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 3:30 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (streaming output formatting) and request no extra secrets or installs; the only notable external dependency is a pinned zod import from deno.land which is proportionate to the implementation.
Guidance
This skill appears coherent and low-risk: it only formats streaming text, uses an in-memory buffer, and requires no secrets. Two practical checks before installing: (1) confirm your runtime environment is comfortable fetching a pinned module from deno.land (the skill imports zod@v3.22.4) — if your policy forbids remote imports, request a vendored/local dependency instead; (2) test the skill with non-sensitive text to validate behavior (deduplication and buffer handling) before using it with production data. If you need higher assurance, you can audit or vendor the zod dependency or run the code in a sandboxed environment.

Review Dimensions

Purpose & Capability
ok: Name/description (streaming formatter for LLM output) align with the provided SKILL.md, README, and index.ts implementation. All declared capabilities (buffering, markdown fixes, sentence break logic, deduplication) are implemented in the code. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok: SKILL.md instructs the agent to call the skill with actions init/process/reset and to supply streaming chunks from llm.streamResponse. The instructions do not ask the agent to read files, environment variables, or system state outside the scope of streaming text processing. There is no guidance to transmit data to external endpoints beyond returning the formatted output.
Install Mechanism
note: There is no explicit install spec. The code imports zod from a pinned deno.land URL (https://deno.land/x/zod@v3.22.4). This is a common, traceable dependency host and the version is pinned; it does cause a runtime fetch of third-party code when executed. This is expected for a Deno/TypeScript skill but is worth noting since it pulls code at runtime.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths and the code does not read process.env or other secrets. The requested privileges are minimal and proportional to its stated purpose.
Persistence & Privilege
ok: always is false and the skill does not request persistent system changes, modify other skills, or write to global agent settings. Its state is limited to in-memory buffers (buffer, lastOutput, config).