Skill v1.0.0

ClawScan security

Settlement Reconciliation Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 1:47 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with its stated purpose: it heuristically builds reconciliation briefs locally and does not request secrets, install anything, or call external services.
Guidance
This skill appears coherent and low-risk: it runs locally to generate reconciliation briefs from user prompts and includes unit tests. Before installing, confirm you trust the skill source (it has no homepage and an unknown source). If you plan to use it in production or grant it autonomous invocation, review the full handler.py (present in the package) to ensure it won't be modified later to add network calls or secret access, and avoid sending sensitive or private credentials in prompts (the skill processes prompt text). Running the included tests in a sandboxed environment is a good quick sanity check.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation: the handler parses a prompt or input dict and emits a structured reconciliation brief. No unrelated credentials, binaries, or external services are required.
Instruction Scope
ok: SKILL.md explicitly states the skill is heuristic and will not query live portals; the handler code only reads local SKILL.md and processes input text to produce a brief. There are no instructions to read arbitrary system files or transmit data externally.
Install Mechanism
ok: There is no install spec (instruction-only style). The package includes local Python code and tests but does not download or extract code from external URLs.
Credentials
ok: The skill declares no required env vars, no primary credential, and the code does not reference environment variables or config paths. Requested privileges are minimal and proportionate to the task.
Persistence & Privilege
ok: always is false and model invocation is not disabled (normal). The skill does not attempt to persist or modify other skills or system-wide settings.