Back to skill
Skillv1.0.0
ClawScan security
Goal Chunking Helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 15, 2026, 2:02 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only goal-planning helper; its code only reads the local SKILL.md and transforms user input into a markdown plan with no network calls, secrets, or elevated privileges requested.
- Guidance
- This skill appears coherent and low-risk: it runs locally, parses the bundled SKILL.md, and formats a goal breakdown without network access or credential use. If you want extra assurance, review the bundled handler.py (it only uses stdlib modules and reads SKILL.md) and the SKILL.md content to confirm the behavior matches your expectations. Be aware the skill will echo any sensitive text you provide into the generated plan, so avoid pasting secrets or private data into the goal text.
Review Dimensions
- Purpose & Capability
- okName/description (goal chunking) match the code and SKILL.md: the handler produces milestone/action/dependency suggestions. There are no unrelated requirements (no cloud creds, no extra binaries).
- Instruction Scope
- okSKILL.md restricts itself to decomposing goals and explicitly says no integrations. The runtime handler only reads SKILL.md (local) and the provided inputs; it does not reference system files, environment secrets, or external endpoints.
- Install Mechanism
- okNo install spec is provided and the skill is instruction/code-only. Nothing is downloaded or written to unexpected locations.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The code does not access os.environ for secrets or attempt to load other configuration.
- Persistence & Privilege
- okalways is false and the skill does not request permanent presence or modify other skills or system settings. It only reads its own SKILL.md file.