Skillv1.0.0

ClawScan security

Code QC · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 18, 2026, 12:21 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements, files, and runtime instructions align with its stated purpose (code quality auditing); nothing requests unrelated credentials or hidden network endpoints — but it intentionally runs/test-imports target code, so run it only on trusted or sandboxed repositories.
Guidance: This skill appears coherent for auditing codebases. Important safety notes before you run it: 1) Many phases intentionally import project packages and run tests/smoke-tests — those actions execute the project's code (which can perform network calls, modify files, or run arbitrary commands). Only run this on code you trust or inside an isolated environment (container/VM) with restricted network and file permissions. 2) Avoid `--fix` or automatic fix modes on unreviewed repos (they apply code changes). 3) Inspect any .qc-config.yaml and the included helper scripts (import_check.py, docstring_check.py, syntax_check.py) if you need assurance about behavior — import_check.py uses importlib to import modules (normal for import checks, but see point 1). 4) If you plan to run on untrusted code, run in CI-like sandbox with no secrets mounted and limited outbound network access. If you want, I can highlight exact lines in the helper scripts that cause code execution and suggest a safe sandbox command to run the audit.

Review Dimensions

Purpose & Capability: okThe name/description (code quality audit) matches the included materials: SKILL.md describes running tests, linters, type checks and saving baselines, and the repository includes helper scripts (import_check.py, syntax_check.py, docstring_check.py) used by those phases. No unrelated credentials, binaries, or install steps are declared.
Instruction Scope: noteInstructions explicitly tell the agent to run project test suites, import modules, run linters, run smoke tests, and inspect git state and config files (e.g., .qc-config.yaml). Those actions are expected for a QC tool but have an important runtime implication: importing modules and running tests may execute arbitrary project code (including network I/O, filesystem changes, or side effects). The SKILL.md itself does not instruct exfiltration or contacting unknown external endpoints, but several phases (smoke tests, API/UI checks, running test suites) will execute project code and potentially reach external resources unless the operator restricts the environment.
Install Mechanism: noteThere is no install spec (instruction-only skill). The documentation instructs use of external tools (ruff, eslint, mypy, gdtoolkit, pytest, jest, etc.) and gives pip/npx commands to install them. That is normal, but the skill assumes those tools are available and will invoke them; nothing in the package downloads arbitrary code during installation.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. SKILL.md references common CI/environment detection variables for detection purposes (e.g., CI, GITHUB_ACTIONS, KUBERNETES_SERVICE_HOST) but does not require or exfiltrate them. The requested access (filesystem, git state, running tests/imports) is proportional to a code-audit tool.
Persistence & Privilege: okFlags indicate no 'always: true' or other elevated persistence. The skill is user-invocable and may be run autonomously per platform defaults, which is expected for skills. It does not request to modify other skills or global agent configuration.