Skill v1.0.0
ClawScan security
Python Env Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 6:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it only instructs the agent to prefer and validate a PYTHON environment variable when running Python on the host and does not request unrelated credentials, installs, or network endpoints.
- Guidance: This skill is straightforward and safe in scope: it tells the agent to use an explicit PYTHON environment variable for running Python. Before installing or enabling it, ensure PYTHON points to the interpreter you trust (not a wrapper or malicious binary). Be aware that following its examples may cause the agent to run pip installs (network activity and package execution) — only allow that if you trust the packages and the agent's actions. Otherwise, no additional secrets or installers are required.
Review Dimensions
- Purpose & Capability: ok. The name/description state a host-specific policy for running Python; requiring a PYTHON env var (declared as primaryEnv) directly supports that purpose. There are no unrelated binaries, services, or secrets requested.
- Instruction Scope: ok. SKILL.md contains concrete shell patterns for checking and using the PYTHON executable, pip usage, and a strict fallback policy. It does not instruct reading other files, harvesting environment variables, or calling external endpoints aside from normal pip installs when the agent runs pip (which is expected for package installation).
- Install Mechanism: ok. No install spec and no code files are present (instruction-only), so nothing is written to disk or downloaded by the skill itself.
- Credentials: ok. Only the PYTHON environment variable is required and justified by the skill's purpose. PYTHON here represents a path to an interpreter (not a secret); no unrelated TOKEN/KEY/PASSWORD variables are requested.
- Persistence & Privilege: ok. `always` is false and the skill does not request persistent system-wide changes or permissions. Model invocation defaults remain enabled (normal for skills) but this skill does not request elevated privileges.
