Skill v2.0.4
ClawScan security
Convert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 24, 2026, 1:13 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it is an instruction-only reference tool that contains a local bash script which only prints static documentation and requires no credentials, network access, or installs.
- Guidance: This skill appears safe and coherent for use as a local reference: it only prints static documentation and requires no credentials or network access. Minor notes: the script's internal VERSION and the SKILL.md version strings differ slightly from the registry version (likely harmless but indicates small versioning inconsistencies). As with any third-party skill, review future updates for added network calls or credential requests before installing those updates.
Review Dimensions
- Purpose & Capability (ok): Name/description (Convert reference for devtools) matches the included assets: SKILL.md and a bash script that emit static documentation. There are no declared credentials, binaries, or config paths that are unrelated to a documentation/reference tool.
- Instruction Scope (ok): SKILL.md instructs the agent to output plain-text references via heredoc and explicitly states no external API calls or network access. The bundled script only prints hard-coded heredoc content and uses no external commands or file reads beyond standard shell builtins.
- Install Mechanism (ok): No install spec is provided (instruction-only). There is one included script file but nothing is downloaded or extracted from remote URLs. This is the lowest-risk install posture.
- Credentials (ok): The skill declares no required environment variables, no primary credential, and the SKILL.md and script do not read environment variables or credentials. No disproportionate secret access is requested.
- Persistence & Privilege (ok): always:false (default) and the skill does not request elevated or persistent system presence. Autonomous invocation is allowed by platform default but there is nothing in the skill that leverages that to perform privileged operations.
