Skill v1.0.0
ClawScan security
Skill Vetter 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 9:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only vetting checklist whose requested access and instructions are consistent with its stated purpose; no code, installs, or credentials are requested.
- Guidance
- This is an instruction-only checklist for vetting other skills and appears internally consistent. Before using it: (1) confirm the skill's author/source (the registry metadata and _meta.json ownerId differ—investigate if that matters to you), (2) when following its steps, fetch repository files as text and do not execute downloaded scripts or binaries, (3) pay special attention to any skill files that contain curl/wget to unknown hosts, embedded URLs, install scripts, or obfuscated content, and (4) for high-risk targets (credentials, root/system access) perform an explicit human review rather than relying solely on automated checks.
Review Dimensions
- Purpose & Capability
- ok · The name/description match the content: an agent-facing vetting protocol for skills. There are no unexpected environment variables, binaries, or install steps requested that would be unrelated to vetting.
- Instruction Scope
- note · SKILL.md tells the agent to read all files of the target skill and to query GitHub for repo metadata — which is appropriate for a vetting tool. It does not instruct executing code, but it does not explicitly forbid running downloaded scripts; the document warns about exec()/eval() and other red flags. Recommendation: when following the protocol, fetch and inspect files as text only and do not run any scripts or binaries from the target repository.
- Install Mechanism
- ok · No install spec and no code files are present; this is instruction-only and does not write to disk or pull external packages during installation.
- Credentials
- ok · The skill declares no required env vars, credentials, or config paths. The vetting instructions deliberately flag access to ~/.ssh, ~/.aws, and credential files as red flags — consistent with its security-first purpose.
- Persistence & Privilege
- ok · The always flag is false and the skill does not request persistent or elevated privileges. It does not modify other skills' configs or request system-wide changes.
