Skill v1.0.0
ClawScan security
CLAW-1 Skill Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 18, 2026, 9:50 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (auditing SKILL.md files) matches what it asks for and instructs; it requires no installs or credentials and is coherent with its static-analysis scope.
- Guidance: This skill is internally consistent and doesn't ask for secrets or installs, so it appears safe to install for use as a static SKILL.md auditor. Before using it: (1) avoid placing secrets or tokens inside SKILL.md files you audit, since fetching a URL exposes that content to the agent; (2) remember it's a static tool — it cannot detect runtime-only or delayed malicious behavior, so manually review warnings (especially undocumented network calls or unusual install steps); (3) be cautious sharing audit reports publicly if the audited SKILL.md contains sensitive information. If you need the auditor to fetch remote SKILL.md files, trust the source or fetch the file yourself and supply the local copy for analysis.
Review Dimensions
- Purpose & Capability (ok): Name and description (SKILL.md auditor) align with the required resources: no binaries, no env vars, no installs. All requested capabilities (reading a SKILL.md from a path or URL and producing a report) are proportionate to the stated purpose.
- Instruction Scope (note): Instructions are limited to static analysis of SKILL.md files (paths or URLs) and generating reports. This is within scope. Note: fetching a SKILL.md via URL will cause the agent to retrieve remote content (expected), and the auditor explicitly states it cannot detect runtime-only attacks — users should still manually review items flagged and be cautious about including secrets in SKILL.md content.
- Install Mechanism (ok): No install spec and no code files — lowest-risk model for an instruction-only skill. Nothing is written to disk by an installer.
- Credentials (ok): No environment variables, credentials, or config paths are requested. This is proportional for a static auditor and avoids unnecessary access to secrets or other services.
- Persistence & Privilege (ok): always is false and the skill is user-invocable. Model invocation is allowed (platform default), but there is no elevated persistence and no request to modify other skills or system settings.
