Back to skill
Skillv1.0.0
ClawScan security
Model · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 2:29 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only assistant for model selection, prompting, evaluation, and workflows; its declared capabilities match the content and it requests no credentials or installs.
- Guidance
- This skill is instruction-only and internally consistent with its stated purpose: it provides guidance on model choice, prompting, evaluation, and workflows and does not request credentials or install software. Before installing, review the full SKILL.md to ensure later sections do not ask for secrets or system access; if you prefer to prevent autonomous usage, you can disable model invocation for the skill or only invoke it manually. If you plan to follow its advice to call external APIs or run tools, be cautious about where you store and provide any credentials those steps may require.
Review Dimensions
- Purpose & Capability
- okThe name and description match the SKILL.md content: guidance on choosing models, prompting, evaluation, and workflows. There are no unrelated requirements (no env vars, binaries, or config paths) that would be disproportionate to this purpose.
- Instruction Scope
- okThe SKILL.md contains advice and procedures for interacting with models and building workflows. It is instruction-only and does not direct the agent to read local files, access external endpoints, or exfiltrate data beyond normal model usage. No vague, broad directives (like 'gather whatever context you need') were found in the provided excerpt.
- Install Mechanism
- okThere is no install specification and no code files, so nothing will be downloaded or written to disk during install. This is the lowest-risk install profile.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. It does not request access to external service tokens or secrets, which is proportionate to an advisory/instructional skill.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. disable-model-invocation is false (normal), meaning the agent could invoke this skill autonomously when eligible; this is expected for skills and is not by itself a concern.