Skill v1.0.0

ClawScan security

Secret's Safe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 25, 2026, 7:52 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only guidance document for safe secret handling and its requirements and instructions are consistent with that purpose.
Guidance
This is a documentation-only skill that teaches reasonable secret-handling patterns; it's coherent and low-risk. Before relying on its examples, consider a small tweak: avoid expanding secrets into command-line arguments (they can appear in process listings). Prefer injecting values into the subprocess environment (exported env) or use tools/CLI options that read secrets from stdin or environment rather than placing them in argv. If you embed these patterns in a real skill, ensure you add explicit requires.env frontmatter and avoid echoing or printing secrets anywhere.

Review Dimensions

Purpose & Capability
ok · Name and description match the content: the skill is an instructional guide for secure secret handling. It declares no env requirements, no installs, and provides patterns for other skills to adopt. There are no unrelated credentials, binaries, or install steps requested.
Instruction Scope
note · SKILL.md stays within its stated scope (environment injection, secrets manager wrappers, and audit checklists). It explicitly warns against pasting secrets into chat, logging secrets, or dumping env files. One small inconsistency: the 'safe curl' example uses shell variable expansion inside a header argument (MY_SERVICE_API_KEY="$MY_SERVICE_API_KEY" curl -H "Authorization: Bearer $MY_SERVICE_API_KEY" ...). Expanding secrets into command arguments can expose them via process listings on some systems (ps). The skill does elsewhere warn about positional args and set -x; overall the guidance is good, but the example could be tightened to avoid potential process-argv exposure.
Install Mechanism
ok · No install spec and no code files; instruction-only. This minimizes install risk: nothing is downloaded or written to disk by the skill itself.
Credentials
ok · The skill requests no environment variables or credentials itself (it is a template/guide). Where it suggests requires.env entries for other skills, those are appropriate and proportional to the described integrations (OpenAI, GitHub, AWS, etc.). There are no unexplained secret or config path requests.
Persistence & Privilege
ok · The 'always' field is false, and the skill does not request persistent system-wide privileges or modify other skills. It only provides guidance and recommended patterns; no privileged behavior is requested.