Back to skill
Skillv1.0.0
ClawScan security
Pans Pricing Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 4:40 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- This skill is a self-contained local GPU pricing/quote calculator that matches its description: no network calls, no required credentials, and no install steps were found in the provided materials.
- Guidance
- This appears to be a simple, local pricing script that is coherent with its description. Before installing or running: (1) inspect the entire scripts/pricing.py file in the package (the supplied view was truncated) to confirm there are no hidden network calls or telemetry; (2) run the script in a sandbox or isolated environment (python3 scripts/pricing.py --list) to verify behavior; and (3) prefer skills from identifiable sources or with a homepage/repos for auditability. If the rest of the file (not shown here) contains additional code, re-evaluate for network I/O or access to system credentials.
Review Dimensions
- Purpose & Capability
- okThe name/description (GPU pricing/quote generator) aligns with the included CLI script and SKILL.md examples. Required resources (none) are proportionate to the stated purpose.
- Instruction Scope
- okSKILL.md only instructs running the included Python script with local arguments (--list, --gpu, --count, --duration, --compare, --json). The instructions do not ask the agent to read unrelated files, access environment variables, or send data externally.
- Install Mechanism
- okNo install spec is present (instruction-only). The included code is a plain Python script with no build or download steps, which is proportionate and low risk.
- Credentials
- okThe skill declares no required env vars, credentials, or config paths and the script does not reference any sensitive environment values in the reviewed portion. There is no apparent need for secrets.
- Persistence & Privilege
- okSkill does not request always:true and has no mechanism to persist or modify other skills or system settings. Autonomous invocation is allowed by default but is not combined with other concerning privileges.