Back to skill
Skillv1.0.0
ClawScan security
Guarantee · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 2:30 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, text-based legal/business guidance tool whose requested resources and runtime instructions are consistent with its stated purpose; it does not request credentials, install code, or perform external actions.
- Guidance
- This skill is instruction-only and technically low-risk, but its provenance is unknown (no homepage or author link). Before using it for real contracts or customer-facing guarantees: (1) treat its output as draft/advice, not binding legal counsel; (2) have a qualified lawyer review any guarantee text and confirm applicability to your jurisdiction; (3) avoid pasting sensitive business secrets into the skill; and (4) prefer skills with clear authorship and versioning if you need auditable/legal-grade guidance.
Review Dimensions
- Purpose & Capability
- noteThe name, description, and SKILL.md all describe guidance on drafting and interpreting guarantees; there are no unexpected binaries, env vars, or config paths. One note: the package provenance is unknown (no homepage, unknown source), which affects trustworthiness but not technical coherence.
- Instruction Scope
- okSKILL.md is purely explanatory and prescriptive legal/business guidance. It does not instruct the agent to read files, access environment variables, call external endpoints, or transmit data — scope stays within authoring and explanatory tasks.
- Install Mechanism
- okThere is no install spec and no code files; nothing is written to disk or downloaded. This is the lowest-risk install model.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. Requested access is proportionate (none) to the described functionality.
- Persistence & Privilege
- okalways is false and the skill can be user-invoked or autonomously invoked per platform defaults. It does not request elevated or persistent privileges or modify other skills' configs.