Skill v4.0.2
ClawScan security
Dream Interpreter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 24, 2026, 1:15 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions match its stated purpose (a local, read-only reference tool) and do not request credentials, network access, or elevated persistence.
- Guidance: This skill appears coherent and low-risk: it only prints built-in reference text and doesn't need network access or credentials. As with any third-party script, review or run it in a sandbox before installing on production systems. Note minor quality issues (version string differences between metadata, SKILL.md, and the script) — not a security concern but worth checking the repository/maintainer if you require provenance assurance.
Review Dimensions
- Purpose & Capability (ok): Name/description (reference Dream Interpreter content) align with the provided assets: SKILL.md documents commands and scripts/script.sh implements those commands with local heredoc output. No unrelated credentials, binaries, or services are requested.
- Instruction Scope (ok): SKILL.md explicitly says all output is plain-text heredoc with no external calls; the shell script only prints embedded documentation and contains no reads of user files, environment variables, network calls, or data exfiltration steps.
- Install Mechanism (ok): There is no install spec (instruction-only skill with a convenience script). No downloads, package installs, or archive extraction are present.
- Credentials (ok): The skill requires no environment variables, credentials, or config paths. The runtime script does not reference any environment variables or secrets.
- Persistence & Privilege (ok): always:false and user-invocable:true (default) — the skill does not request permanent presence or attempt to modify other skills or system-wide settings.
