Back to skill
Skillv4.0.1
ClawScan security
Pet Care · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 24, 2026, 12:48 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent and appears to be a local reference tool that does not request credentials, network access, or elevated privileges — a minor naming/version mismatch is the only notable issue.
- Guidance
- This skill appears safe and self-contained: it prints static reference text and does not access the network or require credentials. Before installing, consider whether the 'Pet Care' name matches your expectations (the content refers to a devtools-style 'pet-care' concept rather than animal care). Also note a small version mismatch between SKILL.md (4.0.1) and the script (4.0.0). If you want to be extra cautious, review the script locally or run it in a sandboxed environment; otherwise it is reasonable to install/use.
Review Dimensions
- Purpose & Capability
- noteThe declared purpose is a reference tool for 'Pet Care', and the SKILL.md and included script produce plain-text reference output via heredocs (no external integration). However, the script's text frames 'Pet Care' as a devtools-domain concept rather than animal care, which may be a naming/description mismatch the maintainer should clarify. Version in SKILL.md (4.0.1) differs from the script VERSION (4.0.0) — a minor inconsistency.
- Instruction Scope
- okSKILL.md explicitly states all commands output plain-text via heredoc and require no credentials or network access. The provided scripts only print static documentation and do not read environment variables, external files, or contact external endpoints.
- Install Mechanism
- okNo install spec is provided (instruction-only). A single helper script is included; nothing is downloaded or extracted at install time. This is low-risk.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and the script does not access env vars or secret-like config. Requested environment/credentials are proportional (none).
- Persistence & Privilege
- okThe skill is not always-enabled and does not request persistent system presence or modify other skills/config. Autonomous invocation is allowed (platform default) but there are no additional privileges or persistence mechanisms in the package.