Back to skill
Skillv2.0.0
ClawScan security
AetherLang Strategy V3 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 8:43 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent for a strategy/consulting connector that forwards user queries to an external API for processing, but it will transmit your prompt content to a third-party service (api.neurodoc.app), so do not send secrets or proprietary documents without verifying the vendor.
- Guidance
- This skill forwards whatever you type to a third-party API (api.neurodoc.app / masterswarm.net) for processing. Before installing or using it: (1) Do not include secrets, API keys, private documents, or confidential business plans in prompts—those will be transmitted to the vendor. (2) Review the vendor's privacy policy and reputation (masterswarm.net, github.com/contrario/aetherlang) and confirm retention/processing terms. (3) Test with non-sensitive queries to verify behavior and output language (primary output is Greek). (4) If you must analyze sensitive data, request an on-prem or vetted integration that explicitly supports encryption/contractual controls. If you need further checking, ask for network traffic examples, proof of ownership for the api.neurodoc.app domain, or the upstream API's data-retention SLA; those details would raise confidence if provided.
- Findings
[no_regex_findings] expected: The static scanner found no code or suspicious patterns (the skill is instruction-only). That is expected; absence of findings does not guarantee safety because prompts are forwarded to an external API.
Review Dimensions
- Purpose & Capability
- okName/description (Nobel-level strategic analysis) align with behavior: SKILL.md declares an external API-based strategy engine and provides JSON request examples. No unrelated binaries, env vars, or install steps are requested.
- Instruction Scope
- noteThe SKILL.md clearly instructs the agent to send natural-language strategy queries to https://api.neurodoc.app/aetherlang/execute and includes payload examples. The instructions do not ask the agent to read local files, environment variables, or credentials, but any user prompt content (which could include sensitive data) will be sent to the external service—this is expected for an API connector but is a privacy consideration.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files, so nothing is written to disk and no third-party packages are pulled during installation.
- Credentials
- okNo environment variables, credentials, or config paths are requested; this is proportionate to an API-based strategy skill that relies on a public/unauthenticated endpoint per its docs.
- Persistence & Privilege
- okalways:false and default invocation settings—no elevated or persistent platform privileges requested. The skill does not request to modify other skills or system configs.