Skillv1.0.0

ClawScan security

NAVIGATOR · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 6, 2026, 9:14 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only helper that advises users about pasted commands and suggests a single fix; its requirements and instructions align with that purpose and do not request extra privileges or credentials.
Guidance: This skill is coherent and low-risk in terms of permissions: it only reads what you paste and gives advice. Before using it, avoid pasting secrets (API keys, private files) into the chat. Treat any 'copy-paste ready' commands as draft: review them carefully rather than running them blindly, and follow the skill's own checkpoint (make a backup or git commit) before executing fixes. If you are concerned about an agent acting autonomously, keep autonomous invocation disabled or monitor its actions; otherwise this instruction-only skill does not request extra credentials or install code.

Purpose & Capability: okName/description (help users check pasted commands and close one gap) match the SKILL.md: no binaries, no env vars, no installs are required and nothing in the metadata asks for unrelated access.
Instruction Scope: okThe SKILL.md is explicit and limited to reading user-provided text (commands, outputs, errors), diagnosing, giving one clear fix, and asking the user to back up. It does not instruct the agent to read system files, env variables, or call external endpoints.
Install Mechanism: okInstruction-only skill with no install spec and no code files — nothing is written to disk and no external packages are fetched.
Credentials: okThe skill requests no environment variables, credentials, or config paths; there are no disproportionate secret requests.
Persistence & Privilege: okDefaults are used (not always:true). The skill does not request permanent presence or system-wide configuration changes.