Skill v1.0.0

ClawScan security

Legal Client Communication Drafter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 26, 2026, 11:57 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is a descriptive, instruction-only skill that is internally consistent with its stated purpose of producing non-final client communication frameworks and requests no binaries, credentials, or installs.
Guidance
This skill is internally consistent and appears to only provide templates and checklists. Before using it: (1) do not paste privileged, confidential, or personally identifiable documents or secret facts into the chat — supply only the minimum necessary context; (2) remember outputs are non-final and must be reviewed by qualified counsel for jurisdictional rules, deadlines, privilege, and ethics; (3) note that the package source/homepage is unknown—prefer skills from known publishers if you need stronger provenance; and (4) if your agent or deployment allows external network access, verify platform-level controls so that any sensitive content you enter is not transmitted or logged outside your intended environment.

Review Dimensions

Purpose & Capability
ok
Name, description, skill.json, README.md, and SKILL.md consistently describe a descriptive-only drafting helper. There are no declared env vars, binaries, or installs that would be unrelated to generating templates and checklists.
Instruction Scope
note
SKILL.md stays within the stated scope (frameworks, templates, checklists) and explicitly forbids code execution, external API calls, or filings. It does ask users to provide facts, documents, dates, and jurisdiction information — expected for drafting but potentially sensitive. The skill does not provide any enforcement mechanism; users should avoid pasting privileged or confidential materials they do not want in the agent context.
Install Mechanism
ok
No install spec and no code files are present. Instruction-only package means nothing is written to disk by the package itself, which is proportionate for a purely descriptive skill.
Credentials
ok
No environment variables, credentials, or config paths are requested. That matches the described capabilities and is proportionate.
Persistence & Privilege
ok
always:false and default autonomous invocation are used. The skill does not request persistent system presence or modify other skills. This is normal for a document-only descriptive skill.