Skill v3.0.1

ClawScan security

Terraform Helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 24, 2026, 1:49 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent: it provides local, static reference text for Terraform-related topics and does not request credentials, network access, or risky installations.
Guidance
This skill appears to be a harmless, local reference tool implemented as a bash script that prints static documentation. Before installing or enabling: review the included script (already provided) to confirm it matches expectations, note the minor version mismatch in the script versus metadata (likely benign), and, if your agent will execute arbitrary shell scripts, run it in a sandbox or with least privilege to confirm behavior. No credentials or network access are required by the skill.

Review Dimensions

Purpose & Capability
ok: Name/description (Terraform reference helper) align with the provided assets: SKILL.md and a single shell script that prints static documentation. Nothing in the repo requests unrelated cloud credentials, binaries, or system access.
Instruction Scope
note: SKILL.md explicitly states all outputs are plain-text heredocs with no external calls; the included scripts/script.sh implements that behavior (static heredocs, no network, no file reads). Minor inconsistencies: SKILL metadata lists version 3.0.1 while the script's VERSION is 3.0.0; show_help uses a single-quoted heredoc which prevents $VERSION expansion (functional but indicates small maintenance sloppiness).
Install Mechanism
ok: No install spec is present (instruction-only). The single shell script will only be executed if the agent runs it; nothing will be downloaded or extracted from remote sources.
Credentials
ok: The skill declares no required environment variables, no credentials, and the script does not read environment variables or configuration files. Requested privileges are proportional (none).
Persistence & Privilege
ok: "always" is false and "disable-model-invocation" is not set. The skill does not request persistent presence or modify other skills or system settings.