Skillv1.0.0

ClawScan security

111 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 26, 2026, 1:43 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is a small, self-contained mock/template for producing meeting-minute workflows and requests no credentials, installs, or external access — its files are inert and consistent with the description.
Guidance: This skill is a mock/template for meeting-minute workflows and appears safe: it asks for no credentials, makes no network calls, and its Python file is a no-op. Before installing, note that it's only a starting point — a malicious actor could later modify SKILL.md or the code to add network access or credential use, so review any edited versions before granting broader privileges (especially any future requests for env vars, install scripts, or always:true). If you plan to let agents invoke skills autonomously, only enable skills you trust to keep behavior limited to their stated purpose.

Purpose & Capability: okName/description describe a meeting-minutes task helper; the included SKILL.md and a tiny no-op Python entrypoint are consistent with that purpose and do not request unrelated capabilities.
Instruction Scope: okSKILL.md contains generic, high-level instructions for breaking down meeting-minutes tasks and explicitly states it is a mock/example. It does not instruct the agent to read system files, access credentials, or transmit data to external endpoints.
Install Mechanism: okNo install spec is present (instruction-only plus a small local script). Nothing is downloaded or written to disk beyond the provided files.
Credentials: okNo required environment variables, credentials, or config paths are declared or used; this is proportionate to a template/mock skill.
Persistence & Privilege: okSkill does not request always:true, does not alter other skills or system settings, and contains no autonomous setup steps that would persist credentials or modify global configuration.