Back to skill
Skillv1.0.0
ClawScan security
Search Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 6:26 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, file layout, and behaviors are consistent with a design-and-architecture helper for building search engines; it requires no external credentials or installs and only persists non-sensitive notes under a predictable local path.
- Guidance
- This skill is coherent and appears to do what it says: design and operational guidance for search engines. Before enabling it long-term, review and approve the directory ~/search-engine/ that it will create and update; verify it does not contain secrets you care about; explicitly confirm any connection it proposes to external systems (Elasticsearch, APIs, etc.); and, if you prefer no persistence, tell the agent to keep session-only memory or delete the created files after use.
Review Dimensions
- Purpose & Capability
- okName and description (design/build search engines) match the content and files: architecture guidance, evaluation metrics, retrieval patterns, setup, and a memory template. There are no unexpected binaries, env vars, or remote endpoints declared.
- Instruction Scope
- noteRuntime instructions operate on local project files under ~/search-engine/ (create/read/write). That behavior is appropriate for a design/operational skill, but it does give the skill persistent file access in the user's home directory — users should expect files to be created and updated and should review them. The SKILL.md explicitly says not to store secrets by default.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — nothing is downloaded or written by an installer. Lowest-risk install profile.
- Credentials
- okNo required environment variables, credentials, or config paths are requested. Related-skills list mentions connectors (e.g., elasticsearch, api) but those are optional and require user confirmation before use.
- Persistence & Privilege
- noteThe skill persists state under ~/search-engine/ per its memory template (activation preferences, constraints, notes). It does not request always:true or elevated platform privileges. Users should be aware that memory is persistent across sessions and that the agent may store non-sensitive context there unless they decline.