Skill v1.7.0
ClawScan security
Safe Skill Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 1, 2026, 6:33 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only security adviser whose requests and advice align with its stated purpose and do not ask for credentials or install code by themselves.
- Guidance: This skill is advice-only and coherent with its purpose, but follow these precautions before acting on its recommendations:
  1. Verify any external tools it recommends (visit the linked GitHub repos directly, check stars/commits and maintainer identity) before running pip install.
  2. Never run curl | bash or execute unfamiliar downloaded archives; the skill itself warns against that.
  3. Run third-party scanners in a sandbox or VM if possible to reduce risk.
  4. Confirm the reporting email (security@clawhub.ai) is the legitimate ClawHub contact before sending sensitive evidence.
  5. Remember this skill only gives guidance; actual risk comes from installing/running other tools or skills it recommends, so inspect those separately.
Review Dimensions
- Purpose & Capability: ok. Name, description, and content are consistent: the skill provides advice, checklists, and tool recommendations for assessing other skills. It does not request unrelated credentials, binaries, or config paths.
- Instruction Scope: ok. SKILL.md only gives guidance and shell commands for users to run (e.g., pip install cisco-ai-skill-scanner, cisco-scan, secureclaw scan, history, ps, netstat). It does not instruct the AI/agent to read hidden files, environment variables, or to exfiltrate data. Note: it recommends installing third-party scanners and running system commands; these are normal for a security advisor but carry the usual user-side risk (verify tools before running).
- Install Mechanism: ok. No install spec and no code files; instruction-only skill. Nothing is downloaded or written to disk by the skill itself (lowest install risk).
- Credentials: ok. No required environment variables, credentials, or config paths are declared or referenced. The skill's recommendations (scanners) may ask for their own credentials when used, but that is external to this skill and proportionate to its purpose.
- Persistence & Privilege: ok. always:false and disable-model-invocation:false (normal). The skill does not request persistent system presence or modify other skills or system-wide settings.
