Back to skill
Skillv1.0.0
ClawScan security
Truth Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 1:33 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions match its stated purpose (fact-checking and hallucination detection); it is instruction-only, requests no credentials or installs, and its guidance is proportionate—though it recommends running generated code and verifying external actions, which requires safe runtime practices.
- Guidance
- This skill appears coherent and low-footprint, but note it advises running generated code and verifying external operations — those activities can execute untrusted code or perform side effects. If you install it, ensure the agent runs code in a sandbox or test environment, restrict access to sensitive systems/credentials, and require human review for high-risk outputs. If you need stricter controls, disable autonomous invocation for this skill or limit it to read-only verification tasks.
Review Dimensions
- Purpose & Capability
- okName/description (truth-check / fact-checking) align with SKILL.md: the file lists triggers, verification checklist, confidence tags, and a verification workflow that directly implements the stated goal.
- Instruction Scope
- noteInstructions stay on-topic but explicitly recommend actions that can have side effects: 'run generated code to test it' and 'verify external operations (files/API/messages)'. These are valid for fact-checking but imply the agent may execute code or access external resources — operators should ensure those executions are sandboxed and appropriate for their environment.
- Install Mechanism
- okNo install spec (instruction-only). Nothing is written to disk or downloaded as part of installation, minimizing supply-chain risk.
- Credentials
- okSkill declares no environment variables, credentials, or config paths and the instructions do not reference any secrets or unrelated credentials. The requested capabilities are proportional to fact-checking.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request persistent presence or modify other skills/settings. Autonomous invocation is allowed (platform default) but not elevated by this skill.