Back to skill
Skillv1.0.0
ClawScan security
Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 11:38 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that gives guidance for designing trackers and does not request credentials, install software, or instruct the agent to access files or external endpoints—its declared purpose matches its behavior.
- Guidance
- This skill is a collection of best-practice instructions and templates for building trackers and appears internally consistent and low-risk. Before installing, remember: 1) because it is instruction-only it won’t execute code on your machine, but always review the SKILL.md for future changes; 2) if a later version adds an install step, environment variables, or network calls, re-evaluate the skill (those are the main ways a skill can gain more risk); and 3) if you plan to integrate this advice with real systems (databases, spreadsheets, project tools), grant credentials only to the specific integration and verify that those requests match the integration’s documented needs.
Review Dimensions
- Purpose & Capability
- okName and description (tracker design and improvement) align with the SKILL.md content; nothing in the manifest asks for unrelated capabilities such as cloud credentials or system access.
- Instruction Scope
- okSKILL.md contains only guidance, templates, and example data structures for tracker design. It does not instruct the agent to run shell commands, read files, send data to external endpoints, or access environment variables.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only). Nothing will be written to disk or downloaded as part of installation.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The instructions do not reference secrets or external services.
- Persistence & Privilege
- okalways is false and there is no indication the skill requests elevated persistence or modifies other skills or global agent settings.