Skillv1.0.4

ClawScan security

Embodied Ai News · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 8, 2026, 4:19 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only news-aggregation workflow whose declared requirements and included reference files match its stated purpose and do not request unrelated credentials or installs.
Guidance: This is an instruction-only news-aggregation skill and appears coherent with its description. Before enabling: confirm whether your agent has web-browsing or connector permissions (the skill expects to check live sites, GitHub, arXiv, X/Twitter). If you do not want the agent to access the web autonomously, disable autonomous invocation or restrict browsing tools. Review the included source list (news_sources.md) to ensure the set of sites and regional focus are acceptable to you. No credentials are requested, and no code will be installed by the skill.

Review Dimensions

Purpose & Capability: okName/description (embodied-AI news aggregation) align with the included SKILL.md and six reference files: search queries, sources, templates, taxonomy, workflow, and optional GitHub module. Nothing requested (no env vars, no binaries, no installs) is out of scope for a news-aggregation skill.
Instruction Scope: okRuntime instructions describe web search, browsing prioritized sources, classifying stories, optional GitHub repo discovery, and rendering templates. All referenced files are internal to the skill and directly support the stated task. The instructions do require network/browsing capability (e.g., checking live GitHub pages, arXiv, company blogs, X/Twitter) but do not instruct reading unrelated system files or exfiltrating secrets.
Install Mechanism: okNo install spec and no code files are present—this is instruction-only, so nothing is written to disk or downloaded at install time. This is the lowest-risk install model and is proportional to the skill's purpose.
Credentials: okThe skill declares no environment variables, no primary credential, and no config paths. The workflow expects only public web sources and GitHub pages; it does not request tokens or secrets. This is proportionate to an aggregator that pulls publicly available content.
Persistence & Privilege: okThe skill is not marked always:true and does not request system-wide persistence or to modify other skills. It can be invoked autonomously by the agent (platform default), which is appropriate for an on-demand news briefing skill.