Back to skill
Skillv1.0.5
ClawScan security
botlearn-certify · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 7:54 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements, files, and runtime instructions are coherent with a certification generator that invokes an assessment skill, parses reports, and writes HTML/MD certificates.
- Guidance
- This skill appears to do what it says: it will locate or attempt to install the botlearn-assessment skill, run a full unattended assessment, parse markdown reports, and generate HTML and Markdown certificates saved under results/. Before installing or running: 1) verify you trust the botlearn-assessment skill (the certify flow invokes it and reads its result files); 2) review and be comfortable with the included shell scripts (they perform filesystem reads and may call 'clawhub install' if the assessment is missing); 3) expect a long-running autonomous exam (30–45 minutes) when triggered; 4) ensure the agent has permission to read the assessment directory and write to this skill's results/ directory. If any of these are unacceptable, do not install or run the skill. If you want a higher-assurance review, provide the botlearn-assessment SKILL.md and sample result files for inspection.
Review Dimensions
- Purpose & Capability
- okName/description match behavior: the skill depends on botlearn-assessment, reads its INDEX.md and report files, invokes a fresh exam, parses results, and emits HTML/MD certificates. There are no unrelated environment variables or exotic binaries requested.
- Instruction Scope
- noteInstructions require invoking another skill (botlearn-assessment), waiting for a full unattended exam (~30–45 min), parsing report files, and running included shell scripts (parse-results.sh, check-assessment.sh). This is within the stated purpose but implies autonomous, long-running activity and filesystem reads of another skill's results directory — confirm you trust botlearn-assessment and are comfortable with the agent running the exam without further confirmation.
- Install Mechanism
- okNo install spec in registry; this is instruction-only plus two small scripts included in the bundle. The only install-like action is check-assessment.sh optionally calling the local 'clawhub' CLI to install botlearn-assessment if available — that is conditional and expected for dependency resolution.
- Credentials
- okThe skill declares no required env vars or credentials. It reads files under the botlearn-assessment skill directory and writes certificates to its own results/ folder. No secret exfiltration or unrelated credential requests are present.
- Persistence & Privilege
- okalways:false and default autonomous invocation are used. The skill does not request permanent system-wide presence or modify other skills' configs. It may trigger an install via clawhub only when running check-assessment.sh and only if the CLI is present.