Skill v1.0.0

ClawScan security

Legal Privacy Impact Assessment Guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 26, 2026, 2:17 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is a documentation-only skill that supplies checklists and templates for privacy impact assessments; it contains no code, no installs, and requests no credentials, so its declared requirements align with its stated purpose.
Guidance
This skill is a document-only guide for running privacy impact assessments and appears internally consistent. It does not execute code or request credentials. Before using it, remember: (1) this is informational only and not legal advice — verify anything important with qualified counsel; (2) do not paste privileged, confidential, or sensitive data into the skill/agent prompts; (3) if you require the agent not to act autonomously, disable autonomous invocation in your agent settings even though this skill itself is harmless.

Review Dimensions

Purpose & Capability
ok: The name/description (privacy impact assessment guidance) matches the contents: SKILL.md, README, and skill.json are all descriptive and focused on templates, checklists, and prompts. There are no unrelated permissions, binaries, or cloud credentials requested.
Instruction Scope
ok: Runtime instructions are limited to asking for context/facts and producing checklists, memos, and matrices. The skill explicitly disclaims legal advice and forbids external calls, code execution, or retrieval of records. It does ask the user to supply facts/documents (which is appropriate for the task); users should avoid pasting confidential or privileged material into an LLM.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). That is the lowest-risk install profile and consistent with the acceptance criteria in ACCEPTANCE.md.
Credentials
ok: The package requests no environment variables, credentials, or config paths. This is proportionate for a descriptive, non-integrated guidance skill.
Persistence & Privilege
ok: always is false and the default autonomous invocation is allowed (disable-model-invocation=false). This is the platform default and is not problematic here because the skill has no external access or credentials. The skill does not attempt to modify other skills or system settings.