Skillv1.0.0

ClawScan security

Tenant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 8, 2026, 1:59 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requests and instructions are coherent with a tenant-assistance purpose: it is an instruction-only skill that gives checklists, lease-translation, documentation and drafting help and does not ask for unrelated system access or credentials.
Guidance: This skill appears to do what it claims and has a low technical footprint, but it will likely ask you to upload leases, photos, and personal tenancy details to be useful. Before installing or using it: (1) confirm exactly what the skill asks you to upload or paste (avoid sharing unrelated sensitive files like full tax records or system files); (2) be cautious about sharing unredacted ID numbers or financial credentials unless you trust the environment; (3) remember that legal advice from an AI is informational — for binding legal decisions consult a local lawyer; and (4) if the skill later asks for environment variables, network endpoints, or persistent tokens, treat that as unexpected and stop the install.

Purpose & Capability: okThe name and description (tenant lifecycle, lease review, move‑in documentation, deposit protection, communications) match the SKILL.md content. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope: noteSKILL.md provides guidance for inspecting apartments, translating lease clauses, documenting move‑in condition, and drafting communications — all within the stated purpose. Because this is an advice/translation skill, it reasonably expects to review user-provided leases, photos, and facts about a tenancy; users should expect to supply personally identifying information and documents for meaningful help. The instructions shown do not indicate reading unrelated system files or hidden data, but the file is truncated and users should confirm the skill only asks for documents explicitly relevant to the tenancy.
Install Mechanism: okInstruction-only skill with no install spec and no code files; nothing is written to disk or fetched at install time. This is the lowest-risk install profile.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. That fits the described functionality (document inspection, drafting, checklists).
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request elevated/system-wide persistence. Autonomous invocation is allowed (platform default) but not combined with other red flags here.