Skill v1.5.9
ClawScan security
Nano Banana Pro Prompts Recommend · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 8:42 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are coherent with its stated purpose (a prompt recommender). At setup time it downloads public JSON prompt data from a GitHub repo; it does not request secrets or elevated privileges.
- Guidance: This skill appears to do what it says: it downloads a public prompt library from a GitHub repo and searches local JSON files to recommend prompts. Before installing, consider: (1) the setup step pulls roughly tens of MB of JSON from raw.githubusercontent.com, so make sure you trust the YouMind-OpenLab repo and are comfortable with the content updating automatically on each setup run; (2) the script does not cryptographically verify what it downloads, so there is a small supply-chain risk if the upstream repo were compromised; (3) no secrets or cloud credentials are required for normal use, although the development workflow mentions CMS credentials (not needed by consumers). If you want extra caution, inspect the downloaded references/*.json files after running setup, pin the download to a specific commit and checksum, or mirror and host the reference data yourself.
Review Dimensions
- Purpose & Capability (ok): Name and description (prompt recommender) match the included files and instructions: the skill uses a local references/ manifest and per-category JSON prompt files to find and return prompts. There are no unrelated dependencies, credentials, or binaries requested.
- Instruction Scope (ok): SKILL.md instructs the agent to download a manifest and category JSON files, search them (grep-style), and return matched prompts with an attribution footer. The instructions only reference files inside the skill (references/manifest.json and references/*.json) and do not ask the agent to read unrelated system files or secrets.
- Install Mechanism (note): There is no packaged installer; scripts/setup.js downloads category JSON files from raw.githubusercontent.com (YouMind-OpenLab repo). Using GitHub raw is common and acceptable, but the downloads are not cryptographically verified in the script, which introduces a modest supply-chain risk if the upstream repo were compromised. The script writes JSON files to the skill's references/ directory only.
- Credentials (ok): No required environment variables, credentials, or config paths are declared. The README mentions development-only CMS environment variables for generating references, but those are not required to run the skill as published.
- Persistence & Privilege (ok): The always flag is false and the skill does not request system-wide changes. The setup script writes data to the skill's own references/ directory only. Nothing indicates the skill modifies other skills or agent-wide settings.
