Skill v1.0.0

ClawScan security

Luke Agent Directory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 7:41 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only directory that only points agents to public JSON and skill.md URLs and does not request credentials or install software; its declared behavior is consistent with its contents.
Guidance
This directory skill itself is lightweight and coherent: it only points your agent at a public services.json and to other services' skill.md files. Before you let an agent automatically 'follow' or execute instructions from any fetched skill.md, review that skill.md manually and avoid providing secrets (API keys, SSH keys, AWS creds) to untrusted services. Consider limiting autonomous agent actions or sandboxing network calls if your agent may execute third-party skill instructions. Also note the minor metadata/version mismatch in the package (likely benign) — if provenance matters, verify the publisher on ctxly.com.

Review Dimensions

Purpose & Capability
ok: The name/description (agent directory) match the SKILL.md content (instructions to curl services.json and fetch other skill.md files). The skill does not request unrelated binaries, env vars, or config paths. Minor packaging metadata inconsistencies exist: the registry metadata lists ownerId 'kn78xvt3...' and version 1.0.0 while _meta.json contains a different ownerId and version 1.2.0 — this is likely a publishing/metadata mismatch but does not change runtime behavior.
Instruction Scope
note: Instructions are limited to fetching a public directory JSON and fetching other services' skill.md files over HTTPS. They do not ask the agent to read local files, environment variables, or otherwise access system state. Note: the directory explicitly directs agents to retrieve and follow third-party skill.md files — executing instructions obtained from other domains can be risky if those remote skill.md files request sensitive data or perform privileged operations. That risk stems from following external skills, not from this directory itself.
Install Mechanism
ok: No install spec or code is included (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
ok: No environment variables, credentials, or config paths are requested. The skill does not ask for secrets or tokens.
Persistence & Privilege
ok: always is false and the skill does not request persistent system changes or permission to modify other skills. It is user-invocable and can be called autonomously per platform defaults.