Skill v1.0.0

ClawScan security

Plant Identifier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 6:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requested resources and runtime instructions are consistent with a local, image-based plant identification helper that stores observation notes only with user consent.
Guidance
This skill is internally consistent and low-risk: it only needs a local folder for optional observation notes and otherwise contains only instructions. Before installing, confirm you want the skill to inspect images (ensure your agent's image capabilities are trustworthy). When the skill asks to save an observation, decline if you do not want photos or location/context recorded on disk. Remember that the SKILL.md's claim of "no network requests" is a behavioral rule, not an enforcement mechanism — if you require guaranteed offline operation, test it in your agent environment or check platform logs to confirm no outbound network activity occurs. If you later install related skills (image, photos, plants), review their permissions as they may request additional capabilities.

Review Dimensions

Purpose & Capability
ok: Name/description (photo-based plant ID, ranked candidates, follow-up guidance, optional local log) match the instructions and declared requirements: no external credentials, no binaries, and a local memory folder under ~/plant-identifier/. Nothing requested appears unrelated to plant identification.
Instruction Scope
note: SKILL.md stays within scope: it describes stepwise evidence evaluation, asks for additional photos when needed, and only writes files after explicit user approval. Two caveats: the skill asserts it "does NOT make network requests" — this is a policy in the instructions but cannot be enforced by the static files; actual runtime behavior depends on the agent environment. Also the skill assumes the agent can inspect images; ensure your agent's image-processing capability aligns with that assumption.
Install Mechanism
ok: No install spec and no code files (instruction-only). This is low-risk because nothing is being downloaded or executed by the skill itself.
Credentials
ok: No environment variables, credentials, or external config paths are requested. The only filesystem access described is to a dedicated directory under the user's home (~/plant-identifier/) for optional local notes, which is appropriate for the stated purpose.
Persistence & Privilege
note: The skill is not always-enabled and does not demand elevated privileges. It can be invoked autonomously by the agent (default platform behavior); it will write to the user's home directory only after user approval. Users should be aware that allowing autonomous invocation plus approving local storage enables the skill to create persistent files under ~/plant-identifier/.