Skill v1.0.0

ClawScan security

Rag Chunking Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 12:42 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and requirements are coherent with its stated purpose (analyzing a document corpus and recommending chunking strategies); it is instruction-only, requests no credentials, and doesn't attempt unrelated actions.
Guidance
This skill is instruction-only and appears coherent for optimizing RAG chunking. Before running it: (1) confirm the workspace path it will analyze (it uses docs/) and ensure those files are intended to be read (do not run against folders containing secrets); (2) if you plan to use semantic chunking or embedding-based evaluation, make sure your agent/environment has the appropriate API keys configured securely (the skill itself does not request them); (3) review any shell commands in SKILL.md if you will allow the agent to execute them, to avoid accidental operations on unexpected files. If you need stronger guarantees, request a version that explicitly lists required tools and the exact external APIs it will call.

Review Dimensions

Purpose & Capability
ok: Name/description (RAG chunking optimization) match the content of SKILL.md: analysis steps, chunking strategies, metrics, and A/B test design. It does not request unrelated binaries, config paths, or credentials.
Instruction Scope
note: The instructions are scoped to analyzing files under a docs/ directory and evaluating chunking strategies. They include shell examples (find/grep/wc), corpus profiling, and recommendations. They also assume availability of embedding models and evaluation harnesses (for semantic chunking and A/B testing) but do not direct the agent to read unrelated system files or exfiltrate data.
Install Mechanism
ok: No install spec or code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
note: SKILL.md references specific embedding models (e.g., text-embedding-3-small, ada-002, voyage-3) and evaluation steps that in practice require access to embedding/LLM APIs, but the skill declares no environment variables or credentials. This is consistent for an instruction-only skill (it relies on the agent's existing config), but users should be aware external API keys will still be needed to run semantic evaluations.
Persistence & Privilege
ok: always is false and the skill does not request persistent presence or modify other skills/system settings. It is user-invocable and does not request elevated privileges.