Back to skill
Skillv1.0.0
ClawScan security
get QA pairs from text or session · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 10, 2026, 7:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, scope, and requirements match its description (extracting Q&A and preferences from the current chat or supplied text) and it does not request extra credentials, installs, or privileged access.
- Guidance
- This skill appears coherent and low-risk: it simply scans the conversation or provided documents to produce Q&A pairs and stated/inferred preferences and requests no credentials or installs. Before installing, consider whether you are comfortable the agent reading full chat history or uploaded documents (it may surface sensitive or private details). If you will use it with confidential content, review outputs carefully before sharing or exporting; consider disabling autonomous invocation for extra caution. Note the skill source is 'unknown' — while this is instruction-only (lower risk), prefer skills from known publishers if you need stronger provenance guarantees.
Review Dimensions
- Purpose & Capability
- okName and description claim extraction from chat sessions or documents, and the SKILL.md only instructs the agent to scan the conversation or provided text and produce Q&A pairs and preferences — all coherent and proportionate.
- Instruction Scope
- noteInstructions explicitly require scanning the full chat or provided document and synthesizing implicit/explicit Q&A and preferences. This is expected for the stated purpose, but it inherently reads potentially sensitive conversation content; the skill does not instruct reading unrelated files or external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files, so nothing is written to disk or downloaded — lowest-risk install profile.
- Credentials
- okNo environment variables, credentials, or config paths are requested; the data the skill needs (chat text or uploaded documents) is consistent with its purpose.
- Persistence & Privilege
- okalways:false and default model invocation allowed; the skill does not request persistent or elevated privileges nor modify other skills or system settings.