Skill v1.0.1

ClawScan security

Corpus · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 27, 2026, 2:31 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required environment variables are coherent with its stated purpose (accessing a user's Corpus library) and do not request unrelated credentials or risky installs.
Guidance
This skill appears to do what it says: talk to the Corpus API using your CORPUS_API_TOKEN. Before installing or enabling it, verify you trust the skill source (the GitHub repo), store the token with least privilege (use a dedicated token you can revoke), and review the included scripts yourself. Be cautious when the agent proposes write actions or 'apply code changes' to your repository — require explicit user confirmation for any file modifications. Rotate or revoke the token if you stop using the skill.

Review Dimensions

Purpose & Capability
ok
Name/description (search, fetch, save, reminders) align with the declared requirements: python3 binary and a single CORPUS_API_TOKEN. The default API base URL matches the project homepage and the commands map to Corpus API endpoints.
Instruction Scope
note
SKILL.md stays within the Corpus API scope and warns not to print the token and to confirm writes. One notable instruction: the recommended workflow suggests applying code changes 'in the current working repository after user confirmation' — this is functional for implementation tasks but grants the agent a path to modify local files once the user consents. Confirmations and limited scope are recommended before any writes/edits.
Install Mechanism
ok
No install spec; this is an instruction-only skill with a small included Python script. No downloads, package managers, or archive extraction are used.
Credentials
ok
Only CORPUS_API_TOKEN is required (primaryEnv). Optional vars (CORPUS_API_BASE_URL, CORPUS_TIMEOUT_SECONDS) are documented. No unrelated secrets or config paths are requested.
Persistence & Privilege
ok
'always' is false and the skill is user-invocable. The skill does not request persistent agent privileges or modify other skills' configuration.