Skill v1.3.0

ClawScan security

SkillClinic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 4:15 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and runtime instructions are coherent with its stated purpose (auditing and optionally fixing other skill files); it asks to read and edit local skill documents but does not request unrelated credentials, installs, or external endpoints.
Guidance
This skill is coherent with its stated purpose but has permissions to read and modify files. Before running it: (1) only provide explicit skill directories you trust — avoid pointing it at system or home directories; (2) back up the target skill files or use version control so you can review/revert edits; (3) inspect any proposed edits the skill shows before confirming 'apply'; (4) be cautious if you intend the agent to run autonomously — while this skill is not always-included, any automation that gives it file-edit permission increases risk. If you want stricter safety, request a dry-run audit (read-only) and refuse the 'apply fixes' step.
Findings
[no_regex_findings] expected: The static regex scanner had nothing to analyze because this is an instruction-only skill with no code files; absence of findings does not imply safety, but is expected for a docs-only skill.

Review Dimensions

Purpose & Capability
ok · Name/description: auditing skills (Gene structure, metadata.trigger, content quality). Declared artifacts (SKILL.md + reference docs + report) and allowed-tools (Read/Glob/Write/Edit/AskUserQuestion) align with that purpose. No unrelated binaries, env vars, or external credentials are requested.
Instruction Scope
note · Runtime instructions say ask the user for a skill name or full path, read SKILL.md and other docs in the directory, compute scores, produce recommendations, and optionally apply edits. Reading and editing skill files is coherent for an audit tool. Caution: because it accepts a full path, it can read/edit arbitrary files the agent has filesystem access to; ensure you only point it at the intended skill directory and review any edits before applying.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer. This is the lowest-risk install model.
Credentials
ok · No environment variables, credentials, or config paths are required. The skill's access (file read/write) is proportional to its purpose of auditing and optionally modifying skill files.
Persistence & Privilege
ok · always:false and user-invocable:true. The skill is not force-included in every agent run. It can edit files (declared in allowed-tools), which is necessary for its 'apply fixes' function; edits should be performed only after explicit user confirmation (the SKILL.md indicates it will ask).
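The Guidance and the Instruction Scope note above both come down to two controls: confine the audit to an explicitly trusted skill directory (the "full path" input otherwise reaches anything the agent can read), and show a reviewable diff before any 'apply fixes' write. The following is an added example of how a wrapper around such a skill can enforce both; it is not code from the ClawHub scanner or the SkillClinic skill. The skill layout (SKILL.md plus Markdown reference docs) is taken from the scan; the trusted-roots list, the `.bak` backup convention, the helper names and the constructed sample tree are assumptions, and the symlink check assumes a POSIX filesystem.

```python
"""Path-confinement and review-before-apply guard for a file-editing audit skill.

Added example, not part of the ClawHub scan or the SkillClinic skill.
Assumptions: trusted roots are passed in explicitly, proposed edits are kept
as `path -> new_text`, backups are written as `<file>.bak`, POSIX symlinks.
"""
import difflib
import os
import tempfile
from pathlib import Path


def resolve_inside(target: str, trusted_roots: list[str]) -> Path:
    """Canonical path of `target` if it lies under a trusted root, else ValueError.

    Path.resolve() follows symlinks and collapses '..', so a link inside a
    skill directory that points at e.g. ~/.ssh is rejected even though the
    lexical path looks like it is inside the skill tree.
    """
    real = Path(target).resolve()
    for root in trusted_roots:
        root_real = Path(root).resolve()
        if real == root_real or root_real in real.parents:
            return real
    raise ValueError(f"refusing {target!r}: resolves to {real}, outside trusted roots")


def collect_skill_docs(skill_dir: Path) -> list[Path]:
    """SKILL.md and any other Markdown docs under the skill directory.

    os.walk does not follow symlinked directories by default, and symlinked
    files are skipped, so the audit never reads outside the tree it was given.
    """
    docs = []
    for dirpath, _dirnames, filenames in os.walk(skill_dir):
        for name in filenames:
            p = Path(dirpath) / name
            if p.suffix == ".md" and not p.is_symlink():
                docs.append(p)
    return sorted(docs)


def proposed_diff(path: Path, new_text: str) -> str:
    """Unified diff between the file on disk and the proposed replacement text."""
    old = path.read_text().splitlines(keepends=True)
    new = new_text.splitlines(keepends=True)
    return "".join(difflib.unified_diff(old, new, fromfile=str(path),
                                        tofile=f"{path} (proposed)"))


def apply_edit(path: Path, new_text: str, confirm) -> bool:
    """Write `new_text` only if `confirm(diff)` returns True; keep a .bak copy first.

    `confirm` is the hook where a human (or a policy) reviews the diff; a
    dry-run audit is simply `confirm=lambda d: False`.
    """
    diff = proposed_diff(path, new_text)
    if not diff or not confirm(diff):
        return False
    backup = path.with_suffix(path.suffix + ".bak")
    backup.write_text(path.read_text())
    path.write_text(new_text)
    return True


def demo() -> dict:
    """Build a throwaway skill tree (constructed sample input) and exercise the guard."""
    r = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "skills"
        skill = root / "skill-clinic"
        skill.mkdir(parents=True)
        original = "# SkillClinic\n\nAudit skills.\n"
        (skill / "SKILL.md").write_text(original)
        (skill / "reference.md").write_text("notes\n")
        outside = Path(tmp) / "outside.txt"          # not a skill file
        outside.write_text("not a skill\n")
        (skill / "escape.md").symlink_to(outside)    # lexically inside, resolves outside

        r["inside_ok"] = resolve_inside(str(skill), [str(root)]) == skill.resolve()
        for key, probe in (("outside_refused", outside), ("symlink_refused", skill / "escape.md")):
            try:
                resolve_inside(str(probe), [str(root)])
                r[key] = False
            except ValueError:
                r[key] = True
        r["docs"] = [p.name for p in collect_skill_docs(skill)]

        target = skill / "SKILL.md"
        new_text = "---\nname: skill-clinic\n---\n" + original
        r["rejected_without_confirm"] = not apply_edit(target, new_text, lambda d: False)
        r["unchanged"] = target.read_text() == original
        r["diff_has_addition"] = "+name: skill-clinic" in proposed_diff(target, new_text)
        r["applied"] = apply_edit(target, new_text, lambda d: True)
        r["backup_exists"] = (skill / "SKILL.md.bak").exists()
        r["written"] = target.read_text() == new_text
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

In practice `trusted_roots` would be the one or two skill directories the user names, never `$HOME` or `/`, and `confirm` would print the diff and ask for an explicit yes; wiring it to a function that always returns True recreates exactly the autonomous-apply risk the Guidance warns about.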