Skill v0.1.0

ClawScan security

Presale One-pass Orchestrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 5:44 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only orchestrator that reads and updates project plan files and verification artifacts; its requirements and instructions are coherent with its stated purpose and it does not request credentials or install code.
Guidance
This skill is coherent for managing a one-pass execution of presale plans, but it operates by reading and updating project plan files and verification artifacts in the workspace. Before running it, ensure: (1) the workspace contains only non-sensitive files or that sensitive data is removed, (2) you have backups or version control for plan files the skill may modify, and (3) the meaning/locations of artifacts like `project-context`, `verification matrix`, and `mid-summary` are known and confined to the intended project. If you need stricter controls, run the skill in a restricted environment or review the exact plan files it will act on before allowing modifications.

Review Dimensions

Purpose & Capability
ok: The name/description (one-pass presale orchestration with preflight gates and QA loops) matches the instructions: validate readiness, follow plan steps, update verification matrices, and enforce QA. No unrelated binaries, credentials, or installs are requested.
Instruction Scope
note: The SKILL.md instructs the agent to read and validate artifacts like `project-context`, `verification matrix`, `mid-summary`, and plan files and to update those files. That is consistent with orchestration, but the references are high-level and assume those artifacts exist in the agent's workspace; the skill may therefore search for and modify project files. There are no instructions to contact external endpoints or access unrelated system paths.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. No packages, downloads, or executable installs are performed.
Credentials
ok: No environment variables, credentials, or config paths are requested. The agent will operate only on project artifacts implied by the instructions; this is proportionate to the stated orchestration task.
Persistence & Privilege
ok: `always` is false (default) and there is no attempt to modify other skills or system-wide settings. The skill will act within the current run and workspace as an orchestrator.