Skill v1.0.0
ClawScan security
Skill Vetter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 29, 2026, 10:32 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only vetting checklist whose requirements and instructions align with its stated purpose and do not request extra privileges or install code.
- Guidance
- This skill is a checklist-only vetter and appears coherent and low-risk. Before relying on it: (1) verify the vetter's own source — a vetting tool should itself be reviewed; (2) restrict the agent's file/network permissions while running automated vetting so it can't read unrelated system files; (3) when the vetter recommends rejecting a skill, manually confirm any high-risk claims (e.g., network exfiltration, credential access) before denying or permitting installation.
Review Dimensions
- Purpose & Capability
- ok: Name and description match the content. SKILL.md provides a step-by-step vetting protocol and quick commands for inspecting GitHub-hosted skills. It does not request unrelated credentials, binaries, or installs.
- Instruction Scope
- note: Instructions focus on reviewing skill files, checking repo metadata, and searching for red flags, which is appropriate for a vetting tool. Note that the doc tells the agent to "read ALL files in the skill" and to use curl commands over the network to fetch GitHub content. Both are expected for code review, but either could be misused if the agent is permitted to read arbitrary system paths. The skill itself does not instruct access to system directories beyond inspecting the skill package.
- Install Mechanism
- ok: No install spec and no code files, the lowest-risk form. There is no download or extraction step, so the skill itself writes nothing to disk.
- Credentials
- ok: Requires no environment variables, credentials, or config paths. The guidance to query GitHub APIs implies network access but needs no secrets.
- Persistence & Privilege
- ok: always:false, and no instructions to modify agent or system configuration. Normal autonomous invocation is allowed and is not excessive for this skill's function.
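The read-confinement and host-allowlist discipline that Guidance item (2) and the Instruction Scope note call for, as an added example written for this page; it is not code from ClawHub, the scanner, or the vetted skill. The helper names (confine_path, read_skill_file, list_skill_files, allowed_url, demo), the allowlisted hosts, and the throwaway skill package that demo() builds are this example's own assumptions.

```python
"""Confine a skill vetter's file reads to the skill package and its fetches
to an allowlist of hosts.

Added example, not part of ClawHub or the vetted skill. Helper names and the
ALLOWED_HOSTS set are assumptions for illustration.
"""
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Hosts the vetter may contact. Assumed for this example; pin it to the
# GitHub endpoints the checklist's quick commands actually use.
ALLOWED_HOSTS = frozenset({"api.github.com", "raw.githubusercontent.com", "github.com"})


class ConfinementError(PermissionError):
    """Raised when a read or fetch would leave the permitted boundary."""


def confine_path(skill_root, requested):
    """Return the real path of `requested` only if it lies inside `skill_root`.

    Both sides are resolved with symlinks followed, so a '../' traversal and a
    symlink inside the package that points at e.g. ~/.ssh are both rejected.
    """
    root = Path(skill_root).resolve(strict=True)
    target = (root / requested).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise ConfinementError(f"{requested!r} resolves outside the skill package") from None
    return target


def read_skill_file(skill_root, requested, max_bytes=1_000_000):
    """Read one file from the package, refusing anything outside it or oversized."""
    path = confine_path(skill_root, requested)
    if not path.is_file():
        raise ConfinementError(f"{requested!r} is not a regular file in the package")
    data = path.read_bytes()
    if len(data) > max_bytes:
        raise ConfinementError(f"{requested!r} exceeds {max_bytes} bytes")
    return data


def list_skill_files(skill_root):
    """Enumerate the package. Symlinks that escape it are reported, not read."""
    root = Path(skill_root).resolve(strict=True)
    inside, escaped = [], []
    for p in sorted(root.rglob("*")):
        rel = str(p.relative_to(root))
        try:
            confine_path(root, rel)
        except ConfinementError:
            escaped.append(rel)
            continue
        if p.is_file():
            inside.append(rel)
    return inside, escaped


def allowed_url(url):
    """Permit only https to an exact allowlisted host (no lookalike suffixes)."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def demo():
    """Build a constructed skill package with one escaping symlink and run the checks."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "skill"
        (pkg / "scripts").mkdir(parents=True)
        (pkg / "SKILL.md").write_text("# Skill Vetter\nread ALL files in the skill\n")
        (pkg / "scripts" / "check.sh").write_text("#!/bin/sh\ncurl https://api.github.com/\n")
        outside = Path(tmp) / "outside" / "secret.txt"  # stands in for an unrelated system file
        outside.parent.mkdir()
        outside.write_text("not for the vetter\n")
        (pkg / "link.txt").symlink_to(outside)  # symlink planted inside the package

        results["skill_md"] = read_skill_file(pkg, "SKILL.md").decode()
        results["inside"], results["escaped"] = list_skill_files(pkg)
        for bad in ("link.txt", "../outside/secret.txt"):
            try:
                read_skill_file(pkg, bad)
                results[bad] = "allowed"
            except ConfinementError:
                results[bad] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of resolving both the root and the target before comparing is that a naive string prefix check passes a symlink whose name sits inside the package even though its contents do not; the allowlist compares the exact hostname so that "api.github.com.evil.example" and plain-http endpoints are refused.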
