Skillv1.0.0

ClawScan security

Skill Miner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 16, 2026, 12:52 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only, research-and-template guide that stays consistent with its stated purpose and does not request credentials, installs, or perform unexpected actions.
Guidance: This is an instruction-only guide for safely researching ClawHub skills and creating your own clean implementations; it's coherent and does not request secrets or install code. Before using it, confirm you have a trusted 'clawhub' CLI (the skill assumes you will run clawhub search/inspect/explore) and that any 'skill-creator' tooling you use is trustworthy. Remember that running clawhub inspect/search communicates with the ClawHub service — verify that service and the skill owners you inspect are reputable. The SKILL.md is guidance only: it won't execute by itself, but an agent that follows it may run the referenced CLI commands, so control whether the agent is allowed to run external CLIs or make network requests. If you want stronger guarantees, manually perform the inspect steps and avoid running clawhub install on untrusted skills; when building replacements, keep dependencies minimal and avoid executing downloaded code.

Purpose & Capability: okName/description match the content: SKILL.md focuses on discovering skills on ClawHub, inspecting metadata, analyzing approaches, and building clean replacements. It does not request unrelated credentials, binaries, or system access.
Instruction Scope: noteInstructions are narrowly scoped to using the clawhub CLI (search, explore, inspect) and to a 'skill-creator' step for building implementations. The skill does not instruct reading local config or secrets. Minor note: it references external tools (clawhub, skill-creator) but the metadata doesn't declare those as required binaries — this is an omission in metadata rather than a functional mismatch.
Install Mechanism: okNo install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, which minimizes install risk.
Credentials: okThe skill declares no environment variables, credentials, or config paths and the instructions do not request secrets. Recommended CLI calls will communicate with ClawHub but do not require sensitive local credentials.
Persistence & Privilege: okSkill is not force-included (always:false) and makes no requests to modify agent or system-wide configuration. Autonomous model invocation is allowed by platform default but the skill's instructions do not request elevated persistence or cross-skill config changes.