Back to skill
Skillv0.1.0
ClawScan security
blog-writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 2:47 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- This is an instruction-only Markdown blog editing skill whose requests and instructions match its stated purpose; it does not ask for credentials or install anything, but the publisher is unknown so exercise normal caution with sensitive content.
- Guidance
- This skill is instruction-only and appears to do only what it says: edit Markdown you paste in. Before installing or using it: (1) avoid pasting any sensitive personal, medical, legal, or secret data into the drafts you submit; (2) test it first with a non-sensitive sample draft; (3) note the publisher/homepage is missing—if provenance matters to you, prefer skills from known authors or with a homepage; (4) remember the agent can invoke the skill autonomously by default—if you want to prevent that, adjust agent invocation settings.
Review Dimensions
- Purpose & Capability
- okName and description match the actual content: the skill is an instruction-only Markdown blog editor. It does not request unrelated binaries, credentials, or access to cloud services.
- Instruction Scope
- okSKILL.md confines runtime behavior to reading Markdown the user provides and returning edited Markdown. It instructs the agent to ask before structural changes and not to translate or invent facts. It does not instruct reading system files, environment variables, or sending data to external endpoints.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or fetched during install. This is the lowest-risk pattern for a skill.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The instructions only operate on user-provided Markdown, so requested access is proportional.
- Persistence & Privilege
- notealways is false (normal). disable-model-invocation is false (default) allowing autonomous invocation; this is the platform default and not problematic here because the skill has no extra privileges or credentials. If you prefer, you can restrict autonomous invocation in agent settings.