Back to skill
Skillv1.0.1
ClawScan security
Blog Polisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 4:19 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only skill is internally consistent: it reads a local markdown draft, performs language/clarity edits, and writes a polished file without requesting credentials, installs, or unusual system access.
- Guidance
- This skill appears to do exactly what it says: read a local markdown file, suggest/preview edits, and write a polished copy. Before installing or running, confirm the agent's 'read_file'/'write_file' tools are trusted and confined to local files (so your drafts or sensitive snippets aren't sent elsewhere). Don't use this on drafts containing secrets (API keys, passwords, private tokens). If you want extra assurance, open SKILL.md yourself and run the skill on a non-sensitive sample first.
Review Dimensions
- Purpose & Capability
- okName/description (blog polishing) matches the declared inputs and the SKILL.md workflow, which only requires reading a markdown file and writing a polished version.
- Instruction Scope
- okSKILL.md only instructs the agent to read the provided draft path, analyze and edit text, preview changes, and write a polished file. It does not ask to read unrelated files, environment variables, or send data to external endpoints.
- Install Mechanism
- okNo install spec or code files beyond SKILL.md and included draft sample; nothing will be downloaded or written to disk by an installer.
- Credentials
- okNo environment variables, credentials, or config paths are required. The few references to OpenClaw config in the included draft.md are informational only and not used by the skill's runtime instructions.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request elevated or persistent privileges. It only performs per-invocation read/write operations on the specified draft file.