Back to skill
Skillv4.1.0
ClawScan security
Prompt Engineer Agentic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 2:05 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (prompt engineering for agentic/advisory systems) matches its instructions and included reference modules; it is an instruction-only skill with no installs, no required credentials, and no obvious incoherent or exfiltrative behavior.
- Guidance
- This skill appears coherent and low-risk because it is instruction-only and asks for no credentials or installs. Before installing/using: 1) Note that the registry metadata lists no homepage and the publisher identity is just an owner ID — if provenance matters, verify the author or use a known source. 2) If you enable RAG/grounding, ensure any documents or data you attach are trusted (the skill's grounding guidance expects you to supply sources). 3) Treat outputs like any prompt-engineering assistant: validate prompts and any high-stakes recommendations before deploying, especially in medical, legal, or financial contexts. 4) If you plan to connect this skill to external connectors or agents, audit those connectors separately (this skill's docs recommend multi-agent orchestration but does not itself include connectors).
Review Dimensions
- Purpose & Capability
- okName/description align with the content: all required materials are prompt-engineering guidance and modular reference docs (spec builder, RAG grounding, domain calibration, multi-agent). No unrelated binaries, credentials, or config paths are requested.
- Instruction Scope
- okSKILL.md and reference files instruct the agent to read and use the included reference docs and to produce/iterate/diagnose prompts. There are no instructions to read system files, access environment variables, or send data to external endpoints. RAG guidance assumes grounding to user-provided knowledge bases (expected for this purpose).
- Install Mechanism
- okNo install spec, no downloads, and no code files that would be written/executed. Being instruction-only minimizes on-disk risk.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. All declared requirements are proportional to a prompt-engineering guide.
- Persistence & Privilege
- okalways is false and autonomous invocation is the platform default. The skill does not request persistent system presence or to modify other skills/configs.