Skill v1.0.0

ClawScan security

Deslop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 12:11 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated purpose (clean code diffs), but there are internal inconsistencies—most notably undeclared required tooling and vague edit/commit behavior—so proceed with caution and set operational safeguards.
Guidance
This skill appears to be what it claims (clean up generated-code 'slop'), but it has a few practical gaps you should address before allowing it to run with write access to a repo:
1) Ensure the runtime has the tools SKILL.md assumes (git, rg, bun) or update the skill to declare them.
2) Decide an explicit workflow for code edits: run in a sandboxed branch, require human review or PRs, and keep backups so changes are reversible.
3) Require CI/tests to run on any changes (the skill suggests running typechecks, but its behavior for commits is undefined).
4) Because the agent will run shell commands and edit files, restrict autonomous invocation or require explicit user confirmation before applying edits.
If you want to use this skill, ask the publisher to add declared required binaries and clarify commit/PR/approval behavior; otherwise run it only in a controlled environment where you can review its edits.
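The four safeguards above can be enforced by a wrapper around the agent rather than trusted to the skill's own instructions. The script below is an added example and is not part of the Deslop skill or of ClawHub. It assumes the tool set the scan identifies (git, rg, bun), that the project's checks are `bun check` and `bun typecheck` as SKILL.md suggests, and that the agent is started by a caller-supplied command (the hypothetical arguments to run_skill_sandboxed); the branch name and commit message are placeholders.

```shell
#!/bin/sh
# Wrapper that runs a repo-editing agent skill under operational safeguards.
# Added example, not the skill's code. Assumptions: the skill needs git, rg
# and bun; project checks are `bun check` and `bun typecheck`; the agent is
# launched by whatever command the caller passes after the branch name.

# Safeguard 1: fail closed if an undeclared-but-required binary is missing,
# so the agent never discovers the gap mid-edit.
require_tools() {
  missing=""
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
  done
  if [ -n "$missing" ]; then
    printf 'missing required tools:%s\n' "$missing" >&2
    return 1
  fi
  return 0
}

# Safeguard 2: only start from a clean tree, on a throwaway branch, so every
# edit is attributable to the agent and reversible with a branch delete.
sandbox_branch() {
  branch="$1"
  if [ -n "$(git status --porcelain)" ]; then
    echo "working tree not clean; commit or stash first" >&2
    return 1
  fi
  git checkout -b "$branch"
}

# Safeguards 3 and 4: run the project checks after the agent finishes, and
# never commit without an explicit human yes. The wrapper, not the skill's
# prose, decides what happens to the edits.
run_skill_sandboxed() {
  branch="$1"; shift
  require_tools git rg bun || return 1
  sandbox_branch "$branch" || return 1
  "$@" || { echo "agent command failed; edits left on $branch" >&2; return 1; }
  if ! bun check || ! bun typecheck; then
    echo "checks failed; edits left on $branch for review" >&2
    return 1
  fi
  git --no-pager diff --stat
  printf 'Commit these edits on %s? [y/N] ' "$branch"
  read -r answer
  case "$answer" in
    y|Y) git add -A && git commit -m "deslop: cleanup (human-approved)" ;;
    *)   echo "not committed; review with: git diff" ;;
  esac
}

# Usage (hypothetical agent command):
#   run_skill_sandboxed deslop/cleanup-$(date +%s) my-agent run deslop
```

The check in require_tools is the same one the skill silently relies on when it calls git, rg or bun; surfacing it before the agent starts turns the scan's "undeclared tooling" finding into a hard stop instead of a confusing mid-run failure.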
Findings
[regex-scanner-empty] expected: The static regex scanner had no code files to analyze (this is instruction-only). This is expected for a purely documentation/instruction skill; absence of findings is not evidence of safety.

Review Dimensions

Purpose & Capability
ok · The name, description, heuristics document, and workflow all align: this skill is intended to scan branch diffs and remove AI-style 'slop' while preserving behavior and style. There are no requested credentials or unrelated capabilities in metadata.
Instruction Scope
note · SKILL.md instructs the agent to run git diff, use ripgrep (rg) to build candidate lists, and run project checks (bun check, bun typecheck), then edit files and 'fix regressions'. These actions are within the stated purpose (review and edit code), but the instructions are somewhat open-ended about committing changes, authorizing edits, and what counts as an acceptable fix. The guardrails are sensible but rely heavily on subjective judgment, so human review and explicit commit/PR policies are recommended.
Install Mechanism
ok · This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That minimizes installation risk.
Credentials
concern · The skill declares no required environment variables or credentials (appropriate), but SKILL.md expects tools that are not declared as required: git, rg (ripgrep), and bun. This mismatch is noteworthy because the agent may assume those tools are available or attempt to run them; the lack of explicitly declared binaries is an operational/integrity gap rather than a secret-exfiltration risk.
Persistence & Privilege
ok · The always flag is false, and there is no install step or configuration of persistent privileges. The skill does instruct modifying repo files, but it does not request system-level persistence or modify other skills/configurations.