Skill v3.0.2

ClawScan security

Awesome Cloudflare · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 24, 2026, 1:11 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only reference tool whose included script only prints local documentation; its requirements and behavior are internally consistent with its stated purpose.
Guidance
This appears to be a safe, self-contained documentation/reference skill. Before installing, you may want to: (1) confirm you are comfortable with the skill being able to run its small shell script (it only prints docs), (2) run the script in a sandbox or locally to verify output, and (3) avoid granting any unrelated environment variables or filesystem access to the skill. The only issues found are minor metadata version inconsistencies and a generic quickstart phrase mentioning "access credentials" (the skill itself does not request any). If you need absolute assurance, inspect the included script directly (it contains only heredoc text and a basic command dispatcher).

Review Dimensions

Purpose & Capability
ok
Name/description: a Cloudflare reference. Declared requirements: none. The included script and SKILL.md only produce static reference text and offer command-driven help. There are no requested credentials, binaries, or unrelated dependencies that would be unexpected for a documentation/reference skill. Minor note: metadata versions in SKILL.md (3.0.1) and script VERSION (3.0.0) differ from registry version (3.0.2); this is a bookkeeping inconsistency but not a functional mismatch.
Instruction Scope
ok
SKILL.md explicitly states commands output plain-text via heredoc with no external API calls or network access. The runtime script's functions only emit heredoc content and do not read other files, environment variables, or system configuration. The script does parse CLI arguments but does not perform I/O beyond stdout and exit codes. One minor textual inconsistency: the quickstart section mentions "Required tools and access credentials" in a generic way, but the skill does not actually request credentials.
Install Mechanism
ok
No install spec (instruction-only) and the only code is a small local shell script; nothing is downloaded or extracted from external URLs. This is the lowest-risk install pattern.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The script does not reference environment variables or secrets. Requested privileges are proportional (none).
Persistence & Privilege
ok
always:false and normal autonomous invocation allowed (default). The skill does not request permanent presence or modify other skills or system configuration. No privileged operations are present in the code.