Back to skill
Skillv1.0.0
ClawScan security
Log Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 4:55 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (reading and summarizing log files); it requires no credentials, no installs, and the included Python script performs straightforward local file parsing.
- Guidance
- The code appears coherent and benign, but exercise the usual caution: only run this on log files you are permitted to inspect (logs can contain sensitive data such as PII or secrets). Confirm you have Python 3 available and review the script if you want to be extra safe — the project has no listed homepage or author metadata. Also avoid running it with administrator privileges on systems with sensitive logs, and be mindful that complex regex patterns supplied to the tool could be slow on very large files.
Review Dimensions
- Purpose & Capability
- okName/description (log analysis) align with the provided files and instructions. The SKILL.md demonstrates running the included scripts/analyze.py against local log files and the script implements pattern matching, level counting, and summary generation — all expected for a log analyzer.
- Instruction Scope
- okRuntime instructions only tell the agent to run the bundled Python script against user-specified log files and to optionally write JSON output. The SKILL.md and script do not instruct reading unrelated system state, environment variables, network calls, or sending data to external endpoints.
- Install Mechanism
- okNo install spec — instruction-only with one bundled script. The Python script uses only standard library modules and does not attempt to download or execute external code during runtime.
- Credentials
- okThe skill requests no environment variables, no credentials, and no config paths. That is proportional to its function. The script reads whichever local file path the user supplies (expected for a log analyzer).
- Persistence & Privilege
- okSkill is not always-enabled, does not modify other skills or system-wide config, and does not persist credentials. It operates only when invoked.