Back to skill
Skillv1.3.1
ClawScan security
Mood Line · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 8:10 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill that transforms user-described feelings into a single expressive line; it requests no secrets or installs and its runtime instructions are consistent with the stated purpose.
- Guidance
- This skill is internally coherent and low-risk: it's instruction-only, asks for no credentials, and uses bundled reference files to drive behavior. Before installing or deploying widely, review the included quote whitelist and safety docs yourself: attributed quotes are produced when the whitelist matches, so any incorrect attributions or translation choices in that file will be used verbatim. Also verify the skill's crisis-handling behavior in practice (the SKILL.md contains sensible safety rules for self-harm signals, but you should test those cases). Finally, because the skill can be invoked autonomously by agents (the platform default), consider whether you want automated generation of attributed lines in any public/published flows — if not, restrict when the skill is used or require human confirmation for outputs that include attribution.
Review Dimensions
- Purpose & Capability
- okThe name/description (turn feelings into a concise line) matches the SKILL.md and the included reference files. The skill is instruction-only, requires no binaries, env vars, or config paths — all appropriate for a text-generation/formatting utility.
- Instruction Scope
- noteThe SKILL.md asks the agent to read several bundled reference files (few-shots, whitelist, quote-safety, style modes, test cases) — this is expected and coherent. One caution: the skill relies on an internal quote whitelist to decide when to attribute famous lines. If the whitelist contains translation/in-attribution errors, the skill may produce attributed quotes based solely on that list. The SKILL.md does state conservative attribution rules, but there is no external verification step described.
- Install Mechanism
- okNo install spec and no code files — lowest-risk model. Nothing is downloaded or written to disk at install time.
- Credentials
- okThe skill requests no environment variables, credentials, or filesystem paths outside its own bundled references. Credential or secret access is not requested and would be unnecessary for the stated purpose.
- Persistence & Privilege
- okalways:false and standard user-invocable/autonomy settings. The skill does not request elevated persistent privileges or modifications to other skills; this is proportionate to its purpose.