Back to skill
Skillv2.0.2
ClawScan security
Trivia · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 10:53 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are coherent with a local trivia/logging utility that stores data under the user's home directory and does not request external credentials or network installs.
- Guidance
- This skill appears internally consistent and runs entirely on your machine, writing logs and exports to ~/.local/share/trivia. Before installing, be aware that any text you pass to commands (questions, answers, config notes) is stored and searchable — avoid entering secrets or sensitive data. If you want extra assurance: inspect the full script (already included) for any future updates, verify file permissions on the data directory, and consider running the script in a confined environment (or with a test account) before using it with real production data.
Review Dimensions
- Purpose & Capability
- okName/description (host trivia rounds, scoring, boards) match the included script and SKILL.md: the tool logs commands, manages local data, exports and searches logs. There are no unrelated credentials, binaries, or install steps requested.
- Instruction Scope
- noteSKILL.md and the script instruct the agent to read/write only local files under ~/.local/share/trivia, run simple text-processing commands, and produce exports; this is within the stated purpose. Note: all user inputs are recorded verbatim in log files and searchable/exportable, so entering sensitive data into commands would persist locally and be discoverable.
- Install Mechanism
- okNo install spec — instruction-only with a provided shell script. No remote downloads or package installs are performed, so no high-risk install behavior is present.
- Credentials
- okSkill requests no environment variables, credentials, or config paths beyond a per-user data directory (~/.local/share/trivia), which is appropriate for a local logging/utility tool.
- Persistence & Privilege
- okalways is false and the skill does not modify other skills or system-wide settings. It persists data only in the user's home directory (creates and writes log/export files), which is expected for this tool.