Back to skill
Skillv1.0.0
ClawScan security
OGT Docs Define · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:24 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only documentation guide for writing definition documents; it requests no credentials, installs nothing, and its runtime instructions are limited to content/structure guidance.
- Guidance
- This skill appears coherent and low-risk because it only provides authoring guidance and requires no installs or credentials. Before installing, confirm you trust the publisher (source/homepage is missing). Also review any specialized sub-skills it may call — those could have code or external requirements. Finally, if you allow autonomous agent actions in your environment, ensure the agent's file and network permissions are limited so documentation-generation actions can't inadvertently read or transmit sensitive files.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description match the SKILL.md content: it is a general guide for producing definition documents and routing to specialized definition sub-skills. It does not request unrelated binaries, env vars, or config paths. Note: the registry metadata lacks a homepage/source URL, which reduces provenance but does not change capability alignment.
- Instruction Scope
- okThe SKILL.md contains only prose and templates describing folder structure, lifecycle states, and authoring patterns; it does not instruct the agent to run shell commands, read system files, access environment variables, or transmit data to external endpoints.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only). This minimizes disk writes and code execution risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Nothing in the instructions attempts to access secrets or unrelated services.
- Persistence & Privilege
- okalways:false and no install behavior mean the skill does not request permanent elevated presence. There are no instructions to modify other skills or system-wide agent settings.