Back to skill
Skillv1.0.0
ClawScan security
Grant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 4:25 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements are consistent with a grant-writing/intelligence assistant: it is instruction-only, requests no credentials or installs, and its workflows match the stated purpose.
- Guidance
- This skill appears internally consistent and low-risk because it is instruction-only and asks for no credentials or installs. Before using it, avoid pasting sensitive credentials (API keys, passwords, bank account numbers) into prompts; only provide the project- and budget-related information required for drafting. Treat its outputs as drafting assistance — verify eligibility rules, legal terms, and budget items with official funder documents or professional advisors before submitting. If the agent later asks to upload files or access external services, confirm why that is needed and whether you trust the destination.
Review Dimensions
- Purpose & Capability
- okName and description (grant finding, writing, compliance) align with the SKILL.md content (eligibility checks, scoring, application architecture, calendars). The skill does not request unrelated binaries, environment variables, or config paths.
- Instruction Scope
- okRuntime instructions are templates, checklists, and workflows for profiling applicants, finding grants, scoring fit, and drafting proposals. They do not direct the agent to read system files, call external endpoints, or exfiltrate data. (The document advises using data and citations, which is normal for writing tasks.)
- Install Mechanism
- okNo install spec and no code files — this is an instruction-only skill. That minimizes on-disk execution risk and is proportionate to the skill's purpose.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Nothing in the instructions justifies access to secrets or unrelated services.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request elevated or persistent privileges or attempt to modify other skill/system configurations.