Skill v1.0.0

ClawScan security

Greece · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 10:42 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally coherent for planning Greece trips: it's instruction-only, stores trip memory under ~/greece/, requests no credentials or installs, and its files match the described purpose.
Guidance
This skill appears coherent and low-risk, but consider these practical points before installing:
1) The skill promises not to access files outside ~/greece/ or make network requests — that's a behavioral claim in the instructions, not an enforced sandbox; if you require strong guarantees, confirm the platform enforces filesystem/network restrictions for skills.
2) Do not store highly sensitive documents (full passport scans, passwords, long-term private IDs) in ~/greece/; the memory files are intended for planning notes and bookings.
3) The included sources.md lists external URLs as references — the agent may suggest checking them, but it should not fetch them unless the platform permits outbound network calls.
4) Related skills listed (booking, car-rental, etc.) may request credentials or wider permissions; review those skills separately before installing.
5) If you want tighter control, inspect created ~/greece/memory.md after first run and back it up or remove sensitive fields.

Review Dimensions

Purpose & Capability
ok
Name, description, and the provided markdown files are all travel-planning content. The only resource the skill requires is a local config path (~/greece/) used to store memory and notes — this matches the stated purpose and is proportionate. There are no unrelated env vars, binaries, or surprising permissions requested.
Instruction Scope
note
Runtime instructions operate on local files under ~/greece/ (read/write memory.md, read setup.md, use the included sources.md as references). The SKILL.md explicitly states the skill will not access files outside ~/greece/ or make network requests — that is coherent with the travel-planning scope. However, that is a policy-level claim in prose: the platform or agent runtime must enforce those limits. 'sources.md' contains external URLs as references but the skill's instructions do not instruct fetching them; if the platform allows outbound network access to the agent, the agent could still be capable of contacting those links unless sandboxed.
Install Mechanism
ok
No install specification or code files are included (instruction-only skill). This is lowest-risk from an installation perspective: nothing is downloaded or written by an installer.
Credentials
ok
The skill requires no environment variables, keys, or credentials. The single declared resource is a config path (~/greece/) used for storing trip memory — proportional to function. No sensitive platform-level credentials are requested.
Persistence & Privilege
ok
always:false and user-invocable:true (defaults) — no forced global presence. The skill stores its own memory under ~/greece/ which is appropriate for its purpose and does not request altering other skills or system-wide settings. Autonomous invocation is allowed by platform default but is not combined with any high-risk capabilities here.