Skillv1.0.0

ClawScan security

Multi-Agent Dev Team · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 20, 2026, 5:35 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and runtime instructions are coherent with its stated purpose (orchestrating a PM and Dev agent to produce code), but it uses file I/O and shell execution for which you should exercise normal caution (review code and credentials before use).
Guidance: This skill appears to do what it says: coordinate a PM and Dev agent to create projects. Before you use it, take these precautions: - Configure a dedicated workspace (cwd) so the agents only write in a directory you control. - Do not provide GitHub, Vercel, or other deployment credentials unless you trust the skill and are ready for it to push or deploy code. - Review generated code and commits before deploying to production — agents can introduce bugs or insecure dependencies. - If you need higher assurance, test the skill on a throwaway project and inspect the created files and commit history first.

Review Dimensions

Purpose & Capability: okThe skill's name/description (multi-agent PM + Dev workflow) aligns with the provided SOUL files and SKILL.md. The declared capabilities (spawning a Dev agent, producing code, committing to Git, running npm/git) are expected for this purpose and there are no unrelated environment variables, binaries, or config paths required.
Instruction Scope: noteRuntime instructions and the PM/Dev SOULs instruct the agent to use sessions_spawn/sessions_history, Read/Write file operations, and exec to run commands (git, npm, etc.). These actions are consistent with generating, testing, and committing code, but they do grant the agent filesystem and command-execution capabilities within the configured workspace. The skill does not instruct broad, unexpected data collection or exfiltration, but some behavior (pushing to GitHub or deploying to Vercel) will occur only if you provide external credentials.
Install Mechanism: okInstruction-only skill with no install spec and no code files to execute at install time. This is a low-risk install surface (nothing downloaded or written by an installer).
Credentials: okThe skill requests no environment variables or credentials up front. It documents optional actions (push to GitHub, deploy to Vercel) that require credentials only if you supply them; those are proportional to the stated functionality. There are no unrelated secrets or high-privilege envs requested.
Persistence & Privilege: okalways is false and the skill uses standard agent invocation. The SOULs expect to read/write project files and use sessions APIs, which is appropriate for an agent that creates and manages code. The skill does not request to modify other skills or system-wide configuration.