Skill v0.1.1

ClawScan security

Billy — Cron Guardrails Pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 27, 2026, 5:17 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: a small, instruction-only cron lint tool that reads a file or stdin and performs local static checks with no network or credential access.
Guidance
This appears to be a small, local cron linter with no network calls or credential requests — low risk. You can safely inspect the script (it's short and readable) and run it on example crontabs. As with any third-party code, only run it on files you intend to check (it will read any path you pass) and consider running it in a controlled environment before integrating into automated pipelines. Note: there are minor functional quirks (for example NO_REPLY detection is case-sensitive), but these are correctness issues rather than security concerns.

Review Dimensions

Purpose & Capability
ok
Name/description (cron lint, NO_REPLY discipline) match the provided files and requirements. The skill only includes a single Python script and SKILL.md; there are no unrelated env vars, binaries, or external services requested.
Instruction Scope
ok
SKILL.md instructs the agent to run the included script on a crontab file or stdin. The script only reads the supplied path or stdin and performs local static checks (field count, banned model names, presence of NO_REPLY for announce-like commands). It does not access other system paths, environment variables, or external endpoints.
Install Mechanism
ok
No install spec is provided (instruction-only with an included script). Nothing is downloaded or written to disk by an installer; risk from installation is minimal.
Credentials
ok
No credentials, env vars, or config paths are required. The script only processes input you explicitly pass (file or stdin), so requested access is proportionate to the stated task.
Persistence & Privilege
ok
The skill is not always-enabled, does not request persistent presence, and does not modify other skills or system-wide settings.