Skill v1.0.1
ClawScan security
DCL Secret Leak Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 13, 2026, 4:00 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only secret-scanner whose declared behavior, required resources, and runtime steps are coherent and proportionate to its stated purpose.
- Guidance
- This skill appears internally consistent and limited in scope, but review runtime and deployment controls before trusting it with sensitive production data:
  - (1) SKILL.md promises no network transmission, but the agent runtime or other enabled tools could still exfiltrate text: restrict the agent's connectors, tool permissions, and network egress accordingly.
  - (2) Test the detector on non-sensitive dummy secrets to validate its false-positive and false-negative behavior and its redaction rules.
  - (3) Confirm how and where agent logs are stored; the skill computes hashes and fingerprints that could end up in those logs.
  - (4) Because the skill is instruction-only and from an unknown source, run it in an environment with minimal privileges and auditing enabled. If you need stronger guarantees, use a vetted local implementation, or review the detection logic as it is integrated into your execution environment.
Review Dimensions
- Purpose & Capability
- ok: The skill is an instruction-only secret/credential detector. It declares no installs, binaries, env vars, or credentials, and its detection checklist and output (hashes, redacted samples, verdicts) align with that purpose.
- Instruction Scope
- ok: SKILL.md gives a clear, bounded checklist: scan the provided conversation text, compute SHA-256 hashes, classify matches, redact samples, and emit a deterministic fingerprint. It does not instruct reading unrelated files or other config paths, or sending data to external endpoints. (Caveat: the skill asserts "no text leaves the agent"; that is an operational guarantee the runtime must enforce, not something the instruction file can technically enforce.)
- Install Mechanism
- ok: No install spec or code files are present. Being instruction-only means nothing will be written to disk or downloaded by the skill itself.
- Credentials
- ok: The skill requests no environment variables, credentials, or config paths. That is appropriate for an in-context scanner that operates on user-supplied text.
- Persistence & Privilege
- ok: The skill's always flag is false and model invocation is enabled by default. The skill does not request permanent agent presence, nor does it instruct modifying other skills or system-wide settings.
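
Added example, not code from the skill or from ClawHub's scanner: a local, offline implementation of the workflow the Instruction Scope finding describes (scan text, classify matches, SHA-256 hash them, redact samples, emit a deterministic fingerprint), run over a constructed transcript of dummy credentials as Guidance item (2) recommends. The rule set, severities, redaction policy and verdict labels are assumptions of this example, not the skill's; the AWS value is AWS's documented placeholder key and the other tokens are made up.

```python
"""Offline secret-leak detector in the shape the SKILL.md checklist describes.

Example code; the rules, severities and redaction policy are assumptions,
not the skill's own logic.
"""
import hashlib
import json
import re

# Detection rules: rule name -> (regex, severity). The AWS and GitHub patterns
# follow the publicly documented token formats; the generic assignment rule is
# a heuristic and is the one most likely to produce false positives.
RULES = {
    "aws_access_key_id": (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "high"),
    "github_pat": (re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "high"),
    "private_key_block": (
        re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "high"),
    "generic_assignment": (
        re.compile(r"(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?"
                   r"([A-Za-z0-9_\-/+=]{16,})"), "medium"),
}

# Constructed sample transcript with dummy credentials. The AWS key is AWS's
# own documented placeholder; the GitHub token and password are made up.
SAMPLE_TRANSCRIPT = """\
user: the deploy keeps failing, here is my env and key
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJ012345
db_password = "correct-horse-battery-staple-42"
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAdummydummydummydummy
agent: the region in your config does not match the bucket
"""


def redact(secret: str) -> str:
    """Keep just enough of the value to recognise it; never echo it in full."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 6) + secret[-2:]


def classify(line: str) -> list:
    """Return (rule_name, matched_value, severity) for every rule firing on a line.

    Specific rules run before the generic heuristic, so a value already claimed
    by a specific rule is not reported a second time as a generic assignment.
    """
    hits, seen = [], set()
    for name, (pattern, severity) in RULES.items():
        for m in pattern.finditer(line):
            secret = m.group(1) if m.groups() else m.group(0)
            if secret in seen:
                continue
            seen.add(secret)
            hits.append((name, secret, severity))
    return hits


def scan(text: str) -> list:
    """Scan a transcript line by line; findings carry a hash and a redacted sample only."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, secret, severity in classify(line):
            findings.append({
                "line": lineno,
                "kind": name,
                "severity": severity,
                "sha256": hashlib.sha256(secret.encode()).hexdigest(),
                "sample": redact(secret),
            })
    return findings


def fingerprint(findings: list) -> str:
    """Deterministic, order-independent fingerprint of the set of leaked values.

    Built from sorted (kind, sha256) pairs, so the same secrets give the same
    fingerprint wherever they sit in the transcript, and no raw value is used.
    """
    keys = sorted({(f["kind"], f["sha256"]) for f in findings})
    return hashlib.sha256(json.dumps(keys).encode()).hexdigest()


def verdict(findings: list) -> str:
    """'leak' on any high-severity hit, 'suspect' on heuristic-only hits, else 'clean'."""
    if any(f["severity"] == "high" for f in findings):
        return "leak"
    return "suspect" if findings else "clean"


def report(text: str) -> dict:
    """Full output in the shape the skill describes: verdict, fingerprint, findings."""
    findings = scan(text)
    return {"verdict": verdict(findings),
            "fingerprint": fingerprint(findings),
            "findings": findings}


if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_TRANSCRIPT), indent=2))
```

Running this on the sample reports four findings (the AWS key, the GitHub token, the password assignment, and the private-key header) with a "leak" verdict, and the same fingerprint if the transcript lines are shuffled. Checking that no full token appears anywhere in the serialized report is the redaction test Guidance item (2) asks for; the obvious next step for false-positive tuning is an allowlist of known placeholder values, which this example deliberately omits so the documented AWS example key is still caught.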
