Skill v1.0.0

ClawScan security

Describe requirements in natural language → automatically generate a requirements document → open the editor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 3:42 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it claims—writes a requests.txt from a natural-language task and opens a local editor—nothing in the code or instructions requests unrelated credentials or network access.
Guidance
This skill appears internally consistent and does not request secrets or network access. Before using it: (1) run it in a safe or project directory to avoid overwriting an existing requests.txt, (2) be aware it will launch a local editor application (the editor will run with its normal installed behavior), and (3) if you have concerns, inspect the included agent.py (it's short and readable) or run it with a harmless test task/path first.

Review Dimensions

Purpose & Capability
ok: The name/description (generate a requirements file and open an editor) matches the code and SKILL.md. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
note: SKILL.md and agent.py are consistent: parse a task, write requests.txt in the specified project_path, and open an editor. Minor caveats: the skill will overwrite requests.txt in the target directory if present, and it launches a local editor process (subprocess.Popen / os.startfile / xdg-open). These behaviors are expected for the stated purpose but mean you should verify project_path before running to avoid accidental overwrites.
Install Mechanism
ok: No install spec; this is instruction/code-only and does not download or install external packages or binaries.
Credentials
ok: No credentials or secret environment variables are requested. The code queries PATH to detect editors, which is reasonable and proportional.
Persistence & Privilege
ok: always is false and the skill does not modify other skills or system-wide agent settings. It only writes a single file in the target directory and opens a local app.