Skill v1.0.0
ClawScan security
cn-regex-tester · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 3:09 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: A small, coherent local Python regex tester that matches its description: no network calls, no secrets requested, and no install steps.
- Guidance: This skill appears coherent and low-risk: it runs a tiny local Python script that uses re.findall and prints JSON. Before installing/using, consider: (1) Do not pass secrets or sensitive data as command-line arguments — they may appear in process listings; (2) User-supplied regular expressions can be expensive (ReDoS) on certain patterns and large inputs; avoid running untrusted patterns against large texts; (3) If your agent constructs the command via a shell, ensure arguments are properly escaped to avoid shell injection. Otherwise the code is small, readable, and matches the stated purpose.
Review Dimensions
- Purpose & Capability: ok. Name/description claim a simple regex tester using Python's standard library; the package contains a short Python script that performs re.findall and returns JSON. Required resources (none) align with that purpose.
- Instruction Scope: ok. SKILL.md instructs invoking the included script with a regex and text. The instructions do not request unrelated files, credentials, or external endpoints. The runtime behavior is limited to local regex matching and JSON output.
- Install Mechanism: ok. No install spec (instruction-only with a bundled script). No downloads, installers, or third-party packages are used.
- Credentials: ok. No environment variables, credentials, or config paths are requested. This matches the simple functionality of the skill.
- Persistence & Privilege: ok. always is false and the skill is user-invocable; it does not request elevated persistence or modify other skills/config. Autonomous invocation is allowed by default but not elevated here.
