Skill v1.0.0

ClawScan security

Skill description: Standardize the de-upgrading and iteration of SKILL

ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Apr 30, 2026, 8:23 AM)

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary: The skill's files and runtime instructions align with its stated purpose (detecting multi-step sessions, proposing skill creation, and managing SKILL.md change proposals); it uses local hooks and temporary files, requests no credentials, and has no hidden network exfiltration.

Guidance: This skill appears to do what it says: count per-session tool calls and optionally suggest creating a new skill when a threshold is reached. Before installing: (1) ensure you are comfortable adding the two hook commands into ~/.claude/settings.json (it's a user config change); (2) install jq (the scripts use jq but the metadata doesn't declare it); (3) clone via an HTTPS URL if you don't want to use SSH (README uses an SSH git URL); (4) review and make the scripts executable and inspect them yourself — they write counters to /tmp and remove them on Stop (if session_id is missing they fall back to a shared 'default' counter which can cause cross-session aggregation); and (5) if you need stricter isolation, modify the counter path or script to include a more robust session identifier. No credentials or external network callbacks are required by the scripts themselves.

Review Dimensions

Purpose & Capability
Rating: note
The skill is coherent: it implements session-local hooks to count tool calls and inject a short suggestion when a threshold is exceeded, and provides CHANGE.md/Composition guidance. Minor mismatch: the hook scripts rely on jq being available but the skill metadata does not declare jq as a required binary.
Instruction Scope
Rating: ok
SKILL.md and README describe only counting tool calls, writing a per-session counter to /tmp, and optionally injecting one short suggestion at session end. The instructions do not read or transmit secrets, nor reference external endpoints beyond the optional git clone installation step.
Install Mechanism
Rating: note
There is no formal install spec in the registry; README suggests git cloning the repo into ~/.claude/skills and adding entries to ~/.claude/settings.json. This is user-driven and low-risk, but it requires network access and an SSH- or HTTPS-capable git client. The scripts will be placed on disk and run as hook commands (expected behavior).
Credentials
Rating: ok
Only an optional SKILL_CANDIDATE_THRESHOLD env var is documented; no credentials, tokens, or unrelated environment variables are requested. The scripts read session_id from stdin (provided by the hook system) and write a per-session file in /tmp.
Persistence & Privilege
Rating: ok
The always flag is false and the skill is user-invocable. Installing the skill requires editing the user's ~/.claude/settings.json to add hooks (a normal user-level config change). The skill does not request persistent elevated privileges or modify other skills' configs autonomously.