Skillv3.0.2

ClawScan security

ClawPolicy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 11, 2026, 12:47 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is a thin, coherent wrapper for the public 'clawpolicy' Python package: its instructions, required binaries, and verification script match the stated purpose and there are no unexplained credentials or risky install URLs.
Guidance: This skill is an instruction-only wrapper that installs and uses the public 'clawpolicy' package from PyPI. That is coherent, but installing any third-party package runs code at install time and then executes that package locally. Before installing: (1) review the upstream GitHub repo and PyPI package page for recent releases and maintainership, (2) run the included verify_install.sh in an isolated environment (virtualenv or VM) as the script itself does, (3) avoid giving the agent elevated credentials or running this in a high-privilege environment until you trust the package, and (4) be aware optional extras (clawpolicy[phase3]) pull heavier dependencies—only install them if you need them. If you want stronger assurance, inspect the package contents from PyPI before running it (pip download + unpack) or run tests in a sandbox.

Purpose & Capability: okName, description, and SKILL.md all describe a CLI/Python API wrapper for the ClawPolicy project; required binaries (python3, pip3) and the pip install requirement are appropriate and proportional.
Instruction Scope: okRuntime instructions only install the PyPI package and call its CLI and Python module entrypoint; they create a local '.clawpolicy/' directory as documented. The SKILL.md does not ask the agent to read unrelated files, exfiltrate data, or access extra environment variables.
Install Mechanism: okInstall is via PyPI (python -m pip install clawpolicy), which is expected for a Python CLI/library. No downloads from personal servers, shorteners, or arbitrary URLs are present. The included verification script uses an isolated venv, which is a good practice.
Credentials: okNo environment variables, credentials, or config paths are requested. The package may write local files under the documented '.clawpolicy/' path, which is consistent with its purpose.
Persistence & Privilege: okThe skill is not forced-always, does not request system-wide configuration changes, and contains no instructions to modify other skills. Autonomous invocation is allowed (platform default) and appropriate for a policy supervision tool.