Skill v0.1.1

ClawScan security

News Trust Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 11:45 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and instructions are coherent with its stated purpose (news/claim verification); it requires no credentials, installs nothing, and the included helper script only does local keyword scoring.
Guidance
This skill appears coherent and low-risk: it contains only an instruction document, a trusted-source list, and a small local Python script that scores text by keyword. Before installing, consider: (1) whether you want the agent to have network access when it "queries" sources (the skill assumes the agent can fetch news/fact-check pages); (2) the trusted-source list reflects editorial choices—verify it matches sources you trust; and (3) review operator policies if you need to restrict autonomous web queries. If you are comfortable with the agent performing web lookups, this skill's footprint is proportionate to its purpose.
Findings
[ignore-previous-instructions] expected: SKILL.md and references/high-trust-sources.md deliberately call out 'ignore previous instructions' style coercion as a risk indicator; the scanner flagged this pattern but here it is being used to detect prompt-injection, not to perform one.

Review Dimensions

Purpose & Capability
ok: Name/description match the contents: SKILL.md describes a cross-check workflow, references list trusted outlets, and a small local script scores claims for risky keywords. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok: Runtime instructions stick to claim extraction, source cross-checking, feasibility checks, and structured output. The guidance to "query" official and mainstream sources is expected for this task; the skill does not embed broad directives to read unrelated local files or secrets. The Danger short-circuit and risk indicators explicitly flag prompt-injection style coercion (e.g., "ignore all rules"), which is consistent with the skill's purpose.
Install Mechanism
ok: No install spec; instruction-only plus a small Python helper script. Nothing is downloaded from external URLs and no archives are extracted.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The helper script performs local string matching only and does not access network resources or secrets.
Persistence & Privilege
ok: always is false and the skill does not request persistent elevated privileges or modify other skills. Autonomous invocation is allowed by default (normal) and is not combined with other concerning factors.