Skill v1.0.1

ClawScan security

LYGO-MINT Verifier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 12, 2026, 2:08 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill implementation matches its stated purpose: local canonicalization, hashing, ledger writes, and anchor snippet generation; it requests no credentials or installs and only operates on workspace files, though it invokes external workspace tools which you should inspect before use.
Guidance
This skill appears coherent and implements the advertised mint/verify workflow locally, but take these precautions before installing or running it:
1) Inspect the missing workspace tools (tools/lygo_mint/mint_pack.py and canonicalize_ledger.py) before running mint_pack_local.py; they are executed via subprocess and could perform arbitrary actions.
2) Only run it on non-secret packs (the documentation explicitly says so); ledger entries will persist in state/lygo_mint_ledger.jsonl and may contain any printed/raw output.
3) Run in a restricted or disposable workspace or with least-privilege file permissions if you have concerns.
4) If you plan to automate posting anchors, verify the backfill/posting process separately and require explicit operator approval for any network/transaction steps.
If you can inspect the referenced tools and confirm they only perform canonicalization/hashing/ledger updates, the skill is reasonable to use.

Review Dimensions

Purpose & Capability
ok: Name/description (canonicalize, SHA-256, ledger, anchor snippet) align with the provided scripts. No unrelated env vars, binaries, or install steps are requested. The code writes append-only ledger files and prints anchor snippets as described.
Instruction Scope
note: SKILL.md and included scripts confine actions to local workspace files (reading pack files, appending state/lygo_mint_ledger.jsonl, updating canonical JSON, printing snippets). However, mint_pack_local.py invokes external workspace tools (tools/lygo_mint/mint_pack.py and canonicalize_ledger.py) via subprocess; those tools are not included here and could perform arbitrary actions. The documentation warns to review those tools before using sensitive data.
Install Mechanism
ok: No install script or network downloads are present; this is an instruction-only skill with shipped helper scripts. Nothing is downloaded or extracted during install.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. The scripts do not read secrets or environment variables in the provided code.
Persistence & Privilege
ok: always is false and the skill does not request permanent platform-level privileges. It writes ledger files to the workspace (state/...), which is expected for its purpose and is limited to the workspace scope.