Skill v1.2.0

ClawScan security

Issue Prioritizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 15, 2026, 12:14 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are consistent with a read-only GitHub issue triage tool that uses the gh CLI and internal agent/task features to parallelize analysis.
Guidance
This skill appears to do what it says: read GitHub issues (via your authenticated gh CLI), detect related PRs, and score issues. Before installing or using it: 1) ensure your gh CLI is authenticated with the account or token you intend to use (gh auth status shows which one is active; that token's scopes determine which repositories, including private ones, the skill can read). The skill will read issue/PR text and may send that content to internal subagents for analysis, so treat any sensitive strings in issues accordingly; 2) confirm you are comfortable with the platform's Task/subagent feature running parallel analysis (the commands ask to spawn up to 7 subagents); and 3) note that the commands file lists tools that can read local files. SKILL.md does not instruct reading local filesystem paths, but if you have strict data-exposure rules, verify that the skill (or the platform) will not access local files you do not want analyzed. Overall the skill is internally coherent and read-only, and requests no unrelated credentials or downloads.

Review Dimensions

Purpose & Capability
ok · Name/description (prioritize GitHub issues) align with the required binary (gh) and the described fetch/analysis steps. No unrelated credentials or external services are requested.
Instruction Scope
note · SKILL.md stays within triage scope: fetch issues/PRs, detect linked PRs, score issues, and produce rankings. It instructs spawning parallel subagents via the platform Task tool and passing issue JSON to those agents (expected for parallel analysis). One minor inconsistency: the commands file's allowed-tools list includes Read/Glob/Grep, which would let the skill read local files, but SKILL.md itself never instructs reading local filesystem paths. This is not obviously malicious, but users with sensitive local files should be aware of it.
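A pre-install check for the two points above (Guidance item 3 and the allowed-tools inconsistency), as an added example that is not part of the scanner output or the skill's own code: it parses the frontmatter of SKILL.md and each command file, then flags tools that reach the local filesystem, Bash allowances for binaries the skill does not declare, and an always: true flag. The frontmatter shape (YAML between --- lines, allowed-tools as a comma-separated string or a YAML list, Bash(cmd:*) patterns), the sample files, and the tool names other than Read/Glob/Grep are assumptions constructed for this example.

```python
import re

# Tool names that imply local filesystem access. Read/Glob/Grep are the ones
# the review above names; the write-side names are an assumption about what
# other tools a host platform might expose.
LOCAL_FS_READ_TOOLS = {"Read", "Glob", "Grep"}
LOCAL_FS_WRITE_TOOLS = {"Write", "Edit", "MultiEdit"}

# Constructed sample files (assumed layout, not the real skill's files).
SKILL_MD = """---
name: issue-prioritizer
description: Prioritize GitHub issues using gh and parallel subagents
always: false
---
# Issue Prioritizer
Fetch open issues with gh issue list, detect linked PRs, score and rank them.
"""

COMMANDS_MD = """---
allowed-tools: Bash(gh:*), Task, Read, Glob, Grep
---
Spawn up to 7 subagents via Task and pass each one a slice of the issue JSON.
"""


def parse_frontmatter(text):
    """Return the frontmatter between the leading '---' lines as a dict.

    Only two shapes are handled, so no YAML dependency is needed:
    'key: value' (stored as a string) and 'key:' followed by '- item'
    lines (stored as a list).
    """
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not m:
        return {}
    fields, key = {}, None
    for line in m.group(1).splitlines():
        kv = re.match(r"^([A-Za-z0-9_-]+):\s*(.*)$", line)
        item = re.match(r"^\s*-\s+(.*)$", line)
        if kv:
            key, value = kv.group(1), kv.group(2).strip()
            fields[key] = value if value else []
        elif item and key is not None and isinstance(fields[key], list):
            fields[key].append(item.group(1).strip())
    return fields


def allowed_tools(fields):
    """Normalise allowed-tools to a list whether it was a string or a list."""
    raw = fields.get("allowed-tools", [])
    if isinstance(raw, str):
        raw = [t.strip() for t in raw.split(",") if t.strip()]
    return raw


def audit_skill(skill_md, command_files, expected_binaries=("gh",)):
    """Return a list of human-readable findings for a skill package.

    command_files maps a file name to its text. expected_binaries is the
    set of commands the skill declares it needs (here just gh).
    """
    findings = []
    meta = parse_frontmatter(skill_md)
    if str(meta.get("always", "false")).lower() == "true":
        findings.append("skill sets always: true (persistent presence)")
    for name, text in command_files.items():
        for tool in allowed_tools(parse_frontmatter(text)):
            if tool in LOCAL_FS_READ_TOOLS:
                findings.append(f"{name}: {tool} can read local files")
            elif tool in LOCAL_FS_WRITE_TOOLS:
                findings.append(f"{name}: {tool} can modify local files")
            elif tool == "Bash":
                findings.append(f"{name}: unrestricted Bash")
            else:
                # Bash(gh:*) style pattern: extract the binary it allows.
                m = re.match(r"^Bash\(([^\s:)]+)", tool)
                if m and m.group(1) not in expected_binaries:
                    findings.append(
                        f"{name}: Bash allowed for {m.group(1)}, not a declared binary"
                    )
    return findings


if __name__ == "__main__":
    for finding in audit_skill(SKILL_MD, {"commands.md": COMMANDS_MD}):
        print(finding)
```

Run against the constructed sample, the check reproduces the scanner's note: three findings, one each for Read, Glob and Grep, and nothing else, because the only Bash allowance is for gh and always is false. Point it at a real package by reading SKILL.md and the files under its commands directory into the same arguments.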
Install Mechanism
ok · Instruction-only skill with no install spec and no downloads. This is the lowest-risk install posture; it assumes gh is already installed.
Credentials
ok · No environment variables or additional credentials are requested. The only required auth is gh CLI authentication, which is appropriate for reading repository issues.
Persistence & Privilege
ok · The always flag is false and the skill is user-invocable. It does not request persistent presence or modify other skill or system configs. It does instruct spawning temporary parallel agents (Task tool) for analysis, which is a normal platform capability.