Skill v1.0.0

ClawScan security

Charts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 4:00 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only chart generator that only asks for chart type/data/style and writes output to a workspace path; its declared requirements, instructions, and persistence are consistent with its stated purpose.
Guidance
This skill appears coherent and low-risk: it only describes how to produce charts and save them under /workspace/reports/charts/. Before installing, consider: (1) the agent will write files to the workspace — avoid sending sensitive data you don't want stored there; (2) because it is instruction-only, chart generation will rely on the agent's available tools or libraries (confirm the runtime has the plotting capability you expect); (3) the skill can be invoked autonomously (platform default), so monitor behavior if you allow autonomous runs. No credentials, downloads, or external endpoints are declared in the skill, which keeps its footprint minimal.

Review Dimensions

Purpose & Capability
ok: Name/description (chart generation) matches the SKILL.md instructions. It asks the user for chart type, data and style and promises image/HTML output under /workspace/reports/charts/. There are no unrelated required binaries, env vars, or config paths.
Instruction Scope
ok: Runtime instructions are minimal and stay within the stated purpose. The only filesystem reference is the output location (/workspace/reports/charts/), which is reasonable for a report/chart generator. The SKILL.md does not instruct reading unrelated files, accessing other system credentials, or sending data to external endpoints.
Install Mechanism
ok: No install spec and no code files — instruction-only — so nothing will be downloaded or written to disk at install time. This is the lowest-risk install model.
Credentials
ok: No environment variables, credentials, or config paths are required. Requested capabilities are proportionate to the stated purpose.
Persistence & Privilege
ok: always is false and there are no indications the skill modifies other skills or system-wide settings. Autonomous invocation is allowed by default but is not combined with other red flags.