Skill v1.0.1

ClawScan security

Deep Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 7:03 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, instructions, and lightweight Python ledger align with its stated purpose of structured, auditable research and do not request disproportionate credentials or install arbitrary code.
Guidance
This skill is internally consistent and mainly provides guidance plus a small Python ledger. Before installing: (1) verify you trust the repository source; (2) run the included unit tests in a sandbox or CI to confirm behavior; (3) be cautious when giving the agent access to your browser, network, or local files — the skill expects the agent to fetch web/GitHub content and may record paths you provide into its run directory; (4) do not place secrets in ledger entries or SKILL.md; and (5) if you need stronger guarantees, run the ledger and any agent actions in an isolated environment so web retrieval or repository inspection cannot access sensitive local data.

Review Dimensions

Purpose & Capability
ok
The name/description (deep research, audits, GitHub/paper checks) match the included artifacts: a SKILL.md describing research workflows, reference docs, and a small standard-library Python 'research_ledger.py'. The declared binary requirement (python/python3/py) is appropriate for the bundled script.
Instruction Scope
note
SKILL.md instructs the agent to perform wide retrieval across web pages, papers, GitHub, and local files — which is expected for this skill. It does not instruct reading unrelated system config or secrets, and explicitly warns against executing code from researched repos. Note: the skill assumes the agent has external retrieval tools (browser/HTTP/GitHub access) available; the ledger itself does not perform network requests.
Install Mechanism
ok
There is no install spec and no downloads. This is an instruction-first skill with a small Python script that uses only the standard library, so nothing is being fetched or executed from untrusted URLs during install.
Credentials
ok
The skill requests no environment variables, no credentials, and no config paths. Its scope includes inspecting local files when the user explicitly provides them; asking for local-file evidence is proportional to research tasks and is not requested by default.
Persistence & Privilege
ok
The skill is not forced-always, does not request elevated privileges, and does not modify other skills or system-wide settings. It writes run artifacts to user-specified output directories (normal for a ledger tool).