Skill v0.1.0
ClawScan security
Jane Street Puzzle Archivist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 4:05 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, files, and instructions are internally consistent with its stated purpose of archiving and managing Jane Street puzzles; it is instruction-only and asks for no credentials or installs.
- Guidance: This skill is coherent, but it instructs the agent to execute local Python scripts and to write/update repository files. Before installing or running it: (1) inspect the referenced scripts (scripts/current_puzzle.py, scripts/index_reference_repos.py) to confirm they do only the expected repo tasks and do not exfiltrate data or access unrelated system files; (2) verify any submission process (where answers are sent) is explicit and trusted; (3) consider running initial operations in a sandbox or on a copy of your repo to avoid accidental commits or exposure; and (4) back up important files before letting an autonomous agent modify repository content.
Review Dimensions
- Purpose & Capability (ok): The name/description match the SKILL.md workflow: inspecting the current puzzle, indexing reference repos, solving in month folders, and recording submissions. There are no unrelated credentials, binaries, or install steps requested.
- Instruction Scope (note): The runtime instructions direct the agent to run local Python scripts (scripts/current_puzzle.py, scripts/index_reference_repos.py) and to read/update repository files. Those scripts are not included in the manifest shown here, so the agent will execute repository-provided code — which is expected for this workflow but means you should review those scripts before running to ensure they don't access secrets, network endpoints, or other unexpected paths.
- Install Mechanism (ok): No install spec or external downloads — instruction-only skill, so nothing is written or fetched by the skill system itself.
- Credentials (ok): The skill declares no environment variables, credentials, or config paths. There are no disproportional or unrelated secret requests.
- Persistence & Privilege (ok): 'always' is false and the skill is user-invocable; it does not request persistent/privileged platform presence or attempt to modify other skills or global agent settings.
