Skill Miner
PassAudited by ClawScan on May 1, 2026.
Overview
This is a benign instruction-only ClawHub research workflow, with the main caution that inspected third-party skill text should be treated as untrusted.
This skill appears safe to use as a research workflow. Keep third-party skill content untrusted, use inspect/search rather than install for suspicious skills, and only build or publish new skills after reviewing the design yourself.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or misleading skill description could try to influence the agent if the inspected text is treated as instructions instead of evidence.
The workflow intentionally brings potentially suspicious third-party skill documentation into the agent context for analysis. This fits the stated purpose, but inspected text should remain untrusted and should not become authoritative instructions for the agent.
Use this skill when: ... You find a suspicious skill but like the idea ... Read the SKILL.md to understand ... What commands/tools it uses
Use inspected skill content only for summarizing and analysis. Do not install, execute, or follow instructions from a suspicious skill unless the user explicitly approves a separate clean implementation.