Skill v1.0.1
ClawScan security
My Firewall v2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 4:50 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill is an instruction-only firewall best-practices guide and its requirements and instructions are coherent with that purpose.
- Guidance: This is a documentation-only skill that provides firewall best practices and does not perform actions or request credentials. It appears safe to install, but note the small metadata inconsistencies (ownerId/version), which suggest sloppy packaging rather than malicious intent. Because the guidance is operational, follow provider-specific docs and test firewall changes from a second admin session to avoid lockout; this guide is not a substitute for provider APIs or audited configuration code if you need automated enforcement.
Review Dimensions
- Purpose & Capability: ok. Name and description match the SKILL.md content: a general guide for configuring provider and OS firewalls. The skill requests no binaries, env vars, or install steps, which is proportionate for an instruction-only doc. Minor metadata inconsistencies exist (registry owner ID and _meta.json ownerId differ; version/publish timestamps differ), which look like bookkeeping errors but do not change behavior.
- Instruction Scope: ok. SKILL.md contains only high-level recommendations and operational cautions (ports to consider, provider vs OS firewall notes, test from a second session). It does not instruct the agent to run commands, read files, access environment variables, or send data to external endpoints. Advice to 'allow SSH before enabling' is operational guidance (not a security action by the skill itself).
- Install Mechanism: ok. No install spec and no code files — instruction-only. No downloads, extracts, or install steps are present, so there is no install-time code execution risk.
- Credentials: ok. The skill declares no required environment variables, credentials, or config paths, which is proportionate for a documentation-style skill.
- Persistence & Privilege: ok. 'always' is false and the skill is user-invocable; autonomous invocation is allowed (platform default) but there are no privileges or requests for persistent system changes. The skill does not modify other skills or system-wide settings.
