Skill v1.0.0

ClawScan security

Reading Progress Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 15, 2026, 12:01 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with a lightweight reading-tracker: it needs no credentials, does not call external services, and only parses user-provided text and the local SKILL.md.
Guidance
This skill appears coherent and low-risk: it parses user-provided text and the local SKILL.md to produce a markdown dashboard, does not access the network or secrets, and requires no installs. Still, note that handler.py is executable code — running any third-party code carries the usual risk, so review the included files yourself if you are uncomfortable, and avoid supplying sensitive data as input.

Review Dimensions

Purpose & Capability
ok: Name/description (reading dashboard) match the actual behavior: parsing user text to extract titles, format, progress, a session note, and queues. No unrelated credentials, binaries, or installation steps are requested.
Instruction Scope
ok: SKILL.md instructions are narrowly scoped to producing a markdown dashboard from user inputs; the code only reads SKILL.md locally for metadata and the provided input text. There are no instructions to read other system files, collect environment data, or transmit data externally.
Install Mechanism
ok: No install spec is provided (instruction-only) and included code is self-contained Python with no external downloads or package installation. Nothing is written to disk aside from normal runtime behaviour.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. All input is supplied by the user and parsing is local; requested privileges are proportional to the stated purpose.
Persistence & Privilege
ok: always is false and the skill is user-invocable (normal). The skill does not attempt to modify other skills or system-wide settings; its runtime is limited to the included handler code.