Skill v1.0.1
ClawScan security
tool-call-retry · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 3:29 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an internally consistent retry-wrapper for tool calls (exponential backoff, validation, optional error-fixing) and its code, docs, and requirements align with that purpose.
- Guidance: This skill appears to do exactly what it claims: wrap a provided tool function with retry/validation and optional error-fixing. Before installing, consider the following:
  1. The implementation imports zod from deno.land at runtime — confirm you trust that remote dependency and version.
  2. validatorFn and errorHandlerFn are user-supplied callbacks that execute arbitrary code and therefore can access any runtime secrets or make network calls; ensure callbacks you provide are safe and don't leak sensitive data.
  3. Idempotency is handled in-memory only (per process); for long-lived deduplication across restarts you'll need your own persistent store.
  4. If your toolFn has side effects (database writes, payments, emails), use idempotencyKey and tune maxRetries to avoid duplicate side effects.
  5. The skill logs to console and uses setTimeout for delays — no hidden network exfiltration is present in the skill itself.

  Overall it is coherent and small, but review/verify any callbacks you pass in and the remote zod dependency before use.
Review Dimensions
- Purpose & Capability (ok): Name, description, SKILL.md, README, and the TypeScript implementation all describe and implement the same functionality: a retry wrapper around a provided tool function with validation, error-handler hooks, and an in-memory idempotency cache. There are no unrelated credentials, binaries, or config paths requested.
- Instruction Scope (ok): Runtime instructions and examples only describe calling a provided tool function (toolFn) and optional validator/errorHandler callbacks. The skill does not instruct reading unrelated files, env vars, or sending data to hidden endpoints. Custom callbacks (validatorFn/errorHandlerFn) run user-supplied code and therefore have normal scope to make network calls or access data in their closures — this is expected behavior for this wrapper but should be considered by the integrator.
- Install Mechanism (note): No explicit install spec; this is instruction/code-only. The implementation imports zod from deno.land via an HTTPS URL (https://deno.land/x/zod@v3.22.4). Using a well-known public host like deno.land is common, but it does mean a remote fetch of that dependency will occur at runtime — verify you trust the referenced version.
- Credentials (ok): The skill requests no environment variables or credentials. That matches its purpose. Note: user-supplied callbacks (toolFn, errorHandlerFn, validatorFn) run arbitrary code and may themselves access environment variables or secrets available in the runtime; that is expected but not caused by the skill.
- Persistence & Privilege (note): The skill keeps an in-memory idempotencyCache (Map) for idempotencyKey-based deduplication. This cache is process-local and ephemeral (no persistent storage/privileged behavior). 'always' is false and the skill does not modify other skills or system configs.
