Skill v1.0.0

ClawScan security

clawhub-recommender · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 11, 2026, 2:45 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only recommender that reads its packaged reference files and suggests ClawHub skills; it does not request credentials, install code, or contact external endpoints itself.
Guidance
This skill is coherent and low-risk as packaged: it uses only the included reference files to generate recommendations and does not ask for credentials or install code. Before installing or following any recommendation it produces, review the recommended skills' pages yourself — some recommended skills (for example 'capability-evolver' or connectors like 'wacli') can have powerful/automated capabilities and may require additional permissions or carry operational risk. Also verify that your agent environment will expose the skill's reference files at the paths shown (the SKILL.md uses absolute /home/ubuntu/... paths). If you want extra assurance, inspect the linked skill pages and their install commands before running them.

Review Dimensions

Purpose & Capability
ok: The name/description (recommend ClawHub skills) matches the provided artifacts. The skill is instruction-only and only requires reading bundled reference files to produce recommendations; no unrelated binaries, env vars, or external credentials are requested.
Instruction Scope
note: Runtime instructions explicitly direct the agent to read local files at /home/ubuntu/skills/clawhub-recommender/references/*. Those reference files are included in the bundle. This is expected for a recommender, but the instructions assume a specific absolute path and an Ubuntu-like layout — if the agent runs in a different environment the paths may not exist. The instructions do not direct the agent to read arbitrary system files, secrets, or send data to unknown endpoints.
Install Mechanism
ok: No install spec or downloads are present (instruction-only). Nothing will be written to disk or executed beyond normal agent behavior, so install risk is low.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The data it needs (reference markdown files) are bundled with the skill, so there is no disproportionate access requested.
Persistence & Privilege
ok: The skill does not request always:true, does not write persistent configuration, and leaves autonomous invocation at the platform default. It does not claim system-wide privileges or modify other skills.