Skill v1.0.0

ClawScan security

Skill Vetter 1 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 15, 2026, 9:36 AM)

Verdict: Benign
Confidence: high
Model: gpt-5-mini

Summary: An instruction-only vetting checklist that is internally consistent with its stated purpose and requests no credentials or installs; minor metadata provenance inconsistency is worth checking before trusting it blindly.

Guidance: This skill is coherent and appears safe to use as a checklist. Before relying on it: (1) Verify the skill's provenance — the ownerId in the included _meta.json does not match the registry Owner ID provided to you; confirm which is authoritative. (2) Ensure your agent's file read scope is limited to the skill repository/workspace so 'read all files' cannot access unrelated private data (SSH keys, AWS creds, etc.). (3) If you allow the skill to run network queries, prefer read-only API calls and inspect the exact curl endpoints it will call. (4) Use this vetter as an aid, not a substitute for human review on high-risk skills.

Review Dimensions

Purpose & Capability
ok: The skill's name, description, and SKILL.md all describe a vetting checklist and the instructions align with that purpose. It is instruction-only and does not request binaries, env vars, or installs. Note: the registry metadata Owner ID (kn78...) differs from the _meta.json ownerId (kn71...), which is a provenance inconsistency worth verifying.
Instruction Scope
note: The SKILL.md explicitly instructs the agent to 'Read ALL files in the skill' and to run network queries (curl to GitHub APIs) to gather repo info. Those actions are appropriate for a vetting skill, but they require the agent to have file and network access limited to the target repo/workspace; if the agent's file read scope is broader, these instructions could cause wider data exposure. The instructions themselves do not ask the agent to exfiltrate data or access unrelated credentials.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). This minimizes risk from arbitrary downloads or disk writes.
Credentials
ok: The skill declares no environment variables, credentials, or config paths. The SKILL.md advises rejecting skills that request credentials or access to credential files, which is consistent with a security-focused vetter.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent presence or modification of other skills or global agent settings. Autonomous invocation is allowed (platform default) but not excessive for this use case.