Skill v0.1.0

ClawScan security

Presale Regulation Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 22, 2026, 5:44 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only workflow for auditing regulations and its declared requirements and files are coherent with that purpose.
Guidance
This skill is a high-level, instruction-only audit workflow — it won't install code or request secrets. Before using it, decide which documents and logs the agent should access (regulations, incident history, configs), redact or withhold sensitive data as needed, and provide only the minimal inputs required. Because the instructions are broad, restrict agent access scope when running (explicit input files, limited folders) and review produced config diffs before applying them to production. If you need the agent to operate autonomously on live systems, consider adding explicit checks and approval steps in the workflow.

Review Dimensions

Purpose & Capability
ok
Name, description, and included workflow files all describe a regulation-audit process; there are no unexpected binaries, credentials, or installs required that would be disproportionate to this purpose.
Instruction Scope
note
SKILL.md defines the expected audit steps and outputs and references the included workflow file. The instructions are intentionally high-level (e.g., "Collect current regulation sources") which is appropriate for a template-style skill but grants broad discretion about what data sources to access; users should be aware that the agent will need access to whatever regulation, incident, and config artifacts you provide.
Install Mechanism
ok
No install spec and no code files — instruction-only — so nothing will be written to disk or downloaded during install.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths; that aligns with its stated purpose as a guidance/workflow skill.
Persistence & Privilege
ok
always is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed by default but that is normal; nothing in the skill asks to alter other skills or system-wide settings.