Skill v1.0.0
ClawScan security
Accessibility V2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 6, 2026, 7:28 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: An instruction-only accessibility helper whose stated purpose (WCAG audits and fixes) matches its minimal requirements and contains no unexpected installs or credential requests.
- Guidance: This skill appears coherent and minimal, but it is very high-level. Before enabling it: 1) Clarify whether the agent will only suggest fixes (diffs/PRs) or will modify files directly; prefer suggestions/PRs you can review. 2) Limit the agent's repository/file access to only the UI code it needs and avoid giving access to secrets or unrelated projects. 3) Specify which tools/versions (e.g., Lighthouse) you want used and run the checks in a sandbox or CI pipeline first. 4) Require human approval for any automated writes. If you need stronger guarantees, ask the author for a more detailed SKILL.md that lists exact commands, expected inputs/outputs, and the mechanism for applying fixes.
Review Dimensions
- Purpose & Capability: ok. Name/description (WCAG checks and accessibility fixes) align with the SKILL.md workflow (AUDIT → IDENTIFY → FIX → TEST). The skill declares no binaries, env vars, or installs that would be unrelated to performing UI accessibility checks.
- Instruction Scope: note. SKILL.md is high-level and does not specify concrete commands, file paths, or how fixes are applied. That vagueness gives the agent broad discretion (e.g., reading project files or proposing/writing changes). The actions described (run Lighthouse, add ARIA labels, adjust contrast) are within the skill's scope, but you should expect to review any automated edits before they are applied.
- Install Mechanism: ok. No install spec and no code files are present (instruction-only). Nothing will be downloaded or written to disk by the skill itself based on the provided metadata.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths — appropriate for an instruction-only accessibility checker.
- Persistence & Privilege: ok. "always" is false and model invocation is allowed (platform default). The skill does not request persistent system presence or modification of other skills/configs.
