Back to skill
Skillv1.0.0
ClawScan security
Skill with Prompt Engineering by Gen AI Space · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 7, 2026, 6:41 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only prompt-engineering skill is internally consistent with its description, requests no credentials or installs, and stays within a reasonable scope for creating prompts and SKILL.md files.
- Guidance
- This skill appears coherent and low-risk because it is instruction-only and asks for no credentials or installs. Before installing, consider: (1) review any prompts or SKILL.md the agent generates to ensure they don't accidentally include or request sensitive data, (2) be aware the skill can be invoked by the agent by default (normal behavior) — if you want manual-only use, set disable-model-invocation accordingly, and (3) if you publish or share generated SKILL.md files, double-check they don't embed secrets, credentials, or organization-specific config. If you want extra safety, ask the skill to refuse any request that would require seeing private files or credentials.
Review Dimensions
- Purpose & Capability
- okThe name/description (prompt engineering / SKILL.md building) matches the SKILL.md content. The skill asks for no binaries, env vars, or installs — all proportional to an instruction-only prompt-engineering assistant.
- Instruction Scope
- okRuntime instructions are limited to asking the user for details, drafting prompts/SKILL.md content, and performing internal review rounds. The instructions do not read files, access environment variables, or send data to external endpoints. The allowed agent discretion (choose defaults if the user is unsure) is constrained by requiring the agent to tell the user what it chose and ask for confirmation.
- Install Mechanism
- okNo install spec or code files are present; this is the lowest-risk model (instruction-only). Nothing is written to disk or downloaded by an installer.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. There are no unexplained secrets or cross-service credentials requested.
- Persistence & Privilege
- okalways is false and disable-model-invocation is the platform default (false). The skill does not request permanent presence or elevated privileges, nor does it modify other skills or system-wide settings.