Skillv1.0.0

ClawScan security

Craftsman · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 28, 2026, 11:05 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is an instruction-only informational piece about the Craftsman brand and asks for no credentials, installs, or privileged access — its requested footprint matches its stated purpose.
Guidance: This skill appears safe and coherent: it only provides brand history and analysis and requests no permissions. However, the source and homepage are unknown — if provenance matters to you, prefer skills with a clear author, homepage, or repository. Because the skill can be invoked autonomously by the agent (platform default), review your agent's skill usage policies if you want to limit automatic calls; otherwise there are no security red flags here.

Purpose & Capability: okThe skill is a brand/history reference for Craftsman tools. It declares no binaries, env vars, or config paths and does not request capabilities beyond delivering informational content, which is proportionate to its purpose.
Instruction Scope: okSKILL.md contains only triggers for when to consult the content and the brand history/analysis itself. It does not instruct the agent to read local files, environment variables, or to send data to external endpoints; scope is limited to providing informative responses.
Install Mechanism: okThere is no install specification and no code files. This is the lowest-risk pattern (instruction-only), so nothing is written to disk or fetched at install time.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate access requested relative to its simple informational function.
Persistence & Privilege: okalways is false and the skill does not request any elevated or persistent privileges. Model invocation is enabled (the platform default), which is appropriate for an informational skill and not a concern by itself.