Skill v1.0.0

ClawScan security

Performance Profiler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 11:20 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only performance-analysis helper that requests no credentials or installs and is internally consistent with its stated purpose, though its example implementation is simplistic and may produce false negatives.
Guidance
This skill is low-risk in terms of installation and credentials — it is instruction-only and asks for no environment access. Before using it, avoid sending sensitive or proprietary source code to an untrusted third party (the skill owner is unknown). Also be aware the included example implementation is very simple and uses brittle regexes that can miss issues or give false positives; do not rely on this skill as a comprehensive profiler—use established static analysis/profiling tools for critical assessments.

Review Dimensions

Purpose & Capability
note: Name/description (performance analysis) match the provided SKILL.md and the minimal JS pseudocode in skill.yaml. The skill requests no binaries, env vars, or config paths, which is appropriate for a static code-analysis helper. Note: the example regex checks in skill.yaml are simplistic and contain mistakes/edge cases (likely to miss real issues or produce false positives).
Instruction Scope
ok: SKILL.md confines itself to analyzing code, listing trigger phrases, detection goals, and example output. It does not instruct the agent to read unrelated system files, environment variables, or transmit data to external endpoints.
Install Mechanism
ok: No install specification and no code files that would be written or executed on disk. Instruction-only skills have the lowest install risk.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is proportionate to a static performance-analysis helper.
Persistence & Privilege
ok: always:false and no claims of modifying agent/system configuration. The skill does not request permanent presence or elevated privileges.