Skill v1.0.0

ClawScan security

PluginEval Core · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 8, 2026, 3:36 PM)
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files, instructions, and runtime behavior are consistent with a self-contained static quality evaluator; no disproportionate credentials, installs, or privileges are requested — but review before allowing write-mode or any Layer 2 LLM/network behavior that may be implemented beyond the truncated code.
Guidance
This skill appears coherent and self-contained. Before running it: (1) run in read-only modes first (e.g., --layer1, --anti-patterns, or --auto-fix without --allow-write) to inspect outputs; (2) review the full scripts/eval.py to confirm there are no hidden network calls or LLM API invocations in the portions not shown (Layer 2 mentions an LLM judge — verify it doesn't require external API keys or make outbound requests); (3) run the provided tests in a sandbox; and (4) don't use --allow-write until you've inspected the auto-fix code and are comfortable with changes and backups (the script creates backups in the same skill directory). If you want higher assurance, ask for the remainder of eval.py (the truncated section) to confirm there are no unexpected network or credential accesses.

Review Dimensions

Purpose & Capability
ok · Name/description claim a self-contained quality evaluator and the repository contains an evaluation script and references that match that purpose. The skill declares no external env vars, binaries, or installs, which is proportionate to its stated function.
Instruction Scope
ok · SKILL.md instructs running the included Python evaluator against a skill directory; it documents read-only modes (--layer1, --anti-patterns) and an explicit --allow-write flag for modifications. The instructions do not direct reading of unrelated system files or exfiltration to external endpoints.
Install Mechanism
ok · No install spec (instruction-only), and the included code uses only the standard-library imports shown. This is low-risk: nothing is downloaded from arbitrary URLs or installed automatically.
Credentials
ok · No required environment variables, credentials, or config paths are declared or used in the visible code. That aligns with the skill's stated static-analysis purpose.
Persistence & Privilege
ok · Skill is not always-included and has normal autonomy defaults. File-modification capabilities exist but require an explicit --allow-write flag; backups are created under the target skill directory. The skill does not request system-wide changes or other skills' credentials.