Skill v2.1.0

ClawScan security

Ontology Mapper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 15, 2026, 3:58 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (mapping construction data to standard ontologies); it requires python and filesystem access which align with processing user-provided files, and there are no unexpected credentials, network endpoints, or install steps.
Guidance
This skill appears to do what it says: map construction data to ontologies using Python and reading user-provided files. Before installing or invoking it, only give it the files you want processed (avoid sending system or credential files), confirm the homepage/owner if provenance matters, and prefer manual review of any exported mappings before sharing them externally. Because the package requests filesystem access in its metadata, treat that as the main risk vector: restrict inputs to project data and do not expose secrets.

Review Dimensions

Purpose & Capability
ok
Name/description (ontology mapping) align with the declared requirements: python3 is required and the SKILL.md contains Python-based mapping classes and logic. Requesting filesystem access in claw.json is reasonable for reading user-supplied CSV/Excel/JSON files.
Instruction Scope
note
instructions.md and SKILL.md focus on processing data the user supplies and producing mapping reports. The skill documentation explicitly constrains operations to user-provided data, but the claw.json grants generic filesystem permission; this is required for file-based inputs but means the skill could read files if misused. No instructions were found that direct the agent to read unrelated system files or environment secrets.
Install Mechanism
ok
There is no install spec and no code files to write/execute on install (instruction-only). This minimizes installation risk. The only runtime requirement is python3, which matches the provided code examples.
Credentials
ok
The skill declares no required environment variables or credentials. That is proportional to the described task of local data mapping. No evidence in the provided files of attempts to access unrelated credentials or external services.
Persistence & Privilege
note
'always' is false (normal) and 'disable-model-invocation' is false (normal autonomous invocation). claw.json includes a broad 'filesystem' permission which is appropriate for reading input files but is a sensitive permission; users should avoid supplying sensitive system files. The skill does not request persistent system-wide privileges.