Skill v1.0.0

ClawScan security

Journal to Post · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 8:24 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated purpose (turning journal entries into social posts) matches its instructions and requirements; it requests no extra permissions or installs, but you should still avoid passing highly sensitive personal data to it.
Guidance
This skill is internally consistent and only needs the journal text or path you provide. Before using it: (1) don't feed highly sensitive or identifying information (SSNs, passwords, medical details) — redact those first; (2) if you pass a file path, double-check it's the intended file; (3) review any generated posts before publishing; and (4) if you need stronger privacy guarantees, avoid pasting raw journal entries and instead provide a redacted or summarized version.

Review Dimensions

Purpose & Capability
ok: Name, description, and SKILL.md all focus on transforming journal text into 1–3 shareable posts. No declared binaries, env vars, or installs are required — consistent with an instruction-only text transformation skill.
Instruction Scope
note: Instructions accept direct text or a file path (reasonable for this skill). The doc does not instruct the agent to read unrelated files or env vars. Note: because it processes personal writing, the SKILL.md does not add explicit guardrails for removing PII or extremely sensitive content — users should avoid supplying such data.
Install Mechanism
ok: No install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by an installer.
Credentials
ok: No environment variables, credentials, or config paths are requested. The scope of required access is minimal and appropriate for a text-transformation task.
Persistence & Privilege
ok: Defaults used (not always:true). The skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by default but is standard platform behavior and not by itself a red flag here.