Back to skill
Skillv1.0.0
ClawScan security
Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 3:07 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, high-level advisory tool for selecting and connecting software and does not request credentials, install code, or perform actions outside its stated purpose.
- Guidance
- This skill appears coherent and low-risk: it only provides advice and asks for no credentials or installs. Before enabling, decide whether you want the agent to invoke it autonomously (default) and avoid giving it any system credentials or access it doesn't request. If you later add integrations (APIs, installers, or automation scripts) to make the advice actionable, re-evaluate those additions for credentials, network endpoints, and install sources.
Review Dimensions
- Purpose & Capability
- okName and description match the content of SKILL.md. The skill is a conceptual/framework assistant for finding, evaluating, and connecting tools and does not declare or require unrelated binaries, credentials, or system access.
- Instruction Scope
- okSKILL.md contains only guidance, evaluation frameworks, and workflow advice. It does not instruct the agent to read files, access environment variables, run commands, or transmit data to external endpoints.
- Install Mechanism
- okNo install spec and no code files are present; this instruction-only skill does not write to disk or fetch external code.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. This is proportionate to the high-level advisory purpose.
- Persistence & Privilege
- okFlags are default (always: false, model invocation enabled) so the skill can be invoked by the agent but is not force-included in every run. It does not request persistent system-level privileges or modify other skills' configs.