Skill v2.2.1

ClawScan security

Plan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 10:07 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and instructions match its stated purpose: it inspects the codebase and writes a file-level implementation plan; it does not request credentials or install code.
Guidance
This skill is coherent and appears to do what it says: it will read your repository to research a task and then create a plan by writing files under docs/plan/. Before installing/using it, consider:
1) review the SKILL.md so you understand which files it will read and where it will write (docs/plan/{track}/spec.md);
2) run it in a feature branch or sandbox so its writes don't change main branches unexpectedly;
3) ensure your repository doesn't contain unintended secrets in files the skill might read (it has no explicit secret exfiltration steps, but it will scan the repo);
4) if you don't want network lookups or access to your session/project history, disable MCP/web tools or run in an environment where those tools are unavailable;
5) inspect created/edited files before committing.
If you want stronger guarantees, consider restricting the agent's file access or running the planning step locally and reviewing outputs manually.

Review Dimensions

Purpose & Capability
ok · Name/description promise: 'explore codebase and create spec + phased implementation plan'. SKILL.md only requires code-reading and file-writing tools (Read, Grep, Glob, Bash, Write, Edit) and optional MCP search/explain tools. All requested capabilities are proportional and appropriate for generating a repository-level plan.
Instruction Scope
note · Instructions direct the agent to read project files (CLAUDE.md, package.json/pyproject.toml, docs, tests, deploy scripts), run searches (grep/find), and create docs/plan/{track}/spec.md and related files. This is in-scope for planning, but the skill will examine the repository broadly and will write files into the repo. It may also call MCP web/kb_search or session/project search tools if available (networked retrieval), so expect both local file reads and optional external lookups.
Install Mechanism
ok · No install specification or additional packages are present; this is an instruction-only skill. Nothing will be downloaded or written to disk by an installer step beyond the plan files the skill itself creates.
Credentials
ok · The skill declares no environment variables, credentials, or config-path requirements. The allowed tools could access external MCP services if available, but the skill does not request any secrets or unrelated credentials.
Persistence & Privilege
note · always:false (normal). The skill is allowed to write/edit files in the repository (creates docs/plan/* and spec/task files). It can be invoked autonomously (disable-model-invocation:false), which is the platform default; combined with file-write capability, this means the agent can make repository changes when invoked, so users should expect and review those changes.