Skillv1.0.0

ClawScan security

Claude · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 10, 2026, 6:56 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only document-reasoning helper whose requested resources and runtime instructions match its stated purpose and contain no surprising requirements.
Guidance: This skill appears internally consistent and low-risk, but you should still: 1) confirm the skill's provenance (source/homepage in skill.json differs from the top-level metadata and the source is 'unknown'); 2) avoid uploading highly sensitive or regulated documents until you verify how the platform handles data (logging, third-party calls, retention); 3) test with non-sensitive samples to confirm outputs and behavior; and 4) if you need formal legal advice, escalate to licensed counsel—the skill explicitly disclaims that role.

Purpose & Capability: okThe name, description, and declared capabilities all describe long-form document analysis (contracts, memos, comparisons). There are no unrelated environment variables, binaries, or config paths requested that would be inconsistent with this purpose.
Instruction Scope: okSKILL.md instructs the agent to parse and analyze user-provided documents and to follow clear guardrails (do not provide legal certainty). It does not instruct reading unrelated files, accessing environment variables, or sending data to external endpoints.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files to write or execute. That minimizes on-disk installation risk.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The absence of requested secrets is proportionate to a document-analysis helper.
Persistence & Privilege: okThe skill does not request always:true or other elevated persistence. It is user-invocable and can be used by the agent per normal policy, which is expected for skills of this type.