Back to skill
Skillv2.0.3
ClawScan security
Cms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 23, 2026, 1:57 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an internally consistent, read-only reference tool that outputs static documentation and does not request credentials, perform network calls, or install additional software.
- Guidance
- This skill appears to be a safe, read-only reference generator: it only prints static documentation and requests no credentials. Before installing, confirm you trust the repository owner (BytesAgain) as the package includes a shell script that your agent could execute; if you have strict security requirements, run or review the script in an isolated environment or sandbox first. Also remember that the platform's agent may invoke skills autonomously by default—if you want to restrict that, adjust agent settings rather than rely on the skill's content.
Review Dimensions
- Purpose & Capability
- okThe name/description (cms reference tool) matches the provided artifacts: SKILL.md and a bash script that print reference text. There are no unrelated requirements (no env vars, no binaries).
- Instruction Scope
- okSKILL.md and scripts instruct only to output plaintext/heredoc reference docs. The included script contains only local heredocs and simple control flow; it does not read sensitive system files, access environment variables, or call external endpoints.
- Install Mechanism
- okNo install spec is provided (instruction-only). A single bash script is bundled; nothing is downloaded or extracted from external URLs.
- Credentials
- okNo environment variables, credentials, or config paths are required. The script does not reference or require secrets.
- Persistence & Privilege
- okThe skill is not always-enabled and uses normal autonomous invocation defaults. It does not modify other skills or system configuration.