Skillv1.0.0

ClawScan security

Python Cheat Sheets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 16, 2026, 3:38 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and instructions are internally consistent: it's an instruction-only cheat-sheet aggregator that fetches examples from pythonsheets.com and uses them to produce Python code and explanations.
Guidance: This skill is coherent with its description: it fetches public examples from pythonsheets.com and uses them to produce Python code. Before installing or using it, consider: (1) it performs outbound fetches to pythonsheets.com on every invocation (so network access must be allowed); (2) it can generate powerful code (network servers, packet sniffers, SSH automation, crypto, low-level extensions, distributed training) — always review and sandbox any generated code before running, and avoid executing as root; (3) the skill has no install and requests no secrets, which reduces risk, but the skill's source/homepage are not provided — if provenance matters, prefer skills with a known author or homepage. If you plan to run code produced by this skill, test in an isolated environment and audit for unsafe patterns (unsanitized inputs, elevated permissions, or calls that interact with production systems).

Purpose & Capability: okThe name/description (Python cheat sheets, examples, and patterns) match the declared artifacts: a topic→URL map and guidelines pointing at pythonsheets.com. No unrelated env vars, binaries, or installs are requested.
Instruction Scope: noteThe SKILL.md explicitly directs the agent to always fetch the listed pythonsheets.com URLs via WebFetch and to use that content to write code and explanations. That behavior matches the skill's stated purpose. Be aware the skill covers topics (packet sniffing, sockets, SSH, cryptography, distributed training, etc.) that can produce powerful or dangerous code; the instructions do not ask to read local files or to transmit user files to third parties, but generated code must be reviewed before execution.
Install Mechanism: okNo install spec or code files are present — this is instruction-only and does not write code to disk or download third-party packages during install.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The declared needs are proportional to an aggregator/reference skill.
Persistence & Privilege: okThe skill is not always-installed and does not request elevated persistence or modification of other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.