Skill v1.0.0

ClawScan security

Chanai Search Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 9:16 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and files are consistent with a public-web search workflow and do not request unexplained credentials or install arbitrary code.
Guidance
This skill appears coherent for public-web search: it only classifies queries, generates starter URLs, and formats reports. Before installing, confirm whether your agent (or the environment that will run these scripts) has network or shell execution rights. The docs mention a fallback that uses 'exec + curl' and include powerful search operators (e.g., searches that could locate exposed files or credentials). If you do not want the agent to perform raw HTTP fetches or arbitrary shell commands, restrict its web_fetch/shell permissions or review and remove those fallback steps. As always, review the Python scripts yourself if you need stronger assurance.

Review Dimensions

Purpose & Capability
ok: Name/description match the included scripts and reference docs: intent classification, route selection, starter-URL generation, fallback rules, scoring, and report generation. The files only build/search-plan artifacts and templates; there are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
note: SKILL.md and the scripts confine themselves to classification, URL generation, scoring, and report formatting. References contain examples using web_fetch and mention a last-resort 'exec + curl' fallback and advanced Google operators (e.g., intext:password filetype:txt). Those are within the scope of a search workflow but increase the potential for aggressive scraping or discovery of sensitive content if the agent is given network/shell privileges.
Install Mechanism
ok: No install spec; skill is instruction+scripts only. Files are plain Python scripts (no downloads, no third-party install steps). This is low-risk from an installation perspective.
Credentials
ok: No required environment variables, no credentials, and no config paths are requested. All network endpoints referenced are search engines or public sites consistent with the stated purpose.
Persistence & Privilege
ok: always is false, model invocation is allowed (normal). The skill does not request persistent system privileges or modify other skills/configs.