Skill v0.1.0

ClawScan security

Creating R Research Projects · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 9:59 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with its stated purpose of creating reproducible R research projects; it is instruction-only, requests no credentials, and does not contain unexpected install steps or endpoints.
Guidance
This skill appears coherent, but follow these practical precautions before running generated scripts:
1) Review any generated R scripts and report templates before executing them.
2) Installing R/CRAN/Bioconductor packages requires network access and may compile/run code during installation; run in a controlled environment (container or isolated VM) if you are concerned.
3) Use renv::restore and run in a project-specific library to avoid touching system-wide packages.
4) If you will analyze sensitive or regulated data (clinical/genomic), ensure you comply with your data-handling policies and avoid uploading data to external services.
5) Ensure you have R (>=4.0), renv installed, and Quarto/TeX if you need PDF rendering.
Overall the skill is instruction-only and requests no secrets, but always inspect generated code and run it in a safe environment.

Review Dimensions

Purpose & Capability
ok
The name/description (create R research projects) matches the instructions and included files: creating project structure, using renv, installing R/Bioconductor packages, generating reports and scripts. No unrelated services, binaries, or credentials are requested.
Instruction Scope
ok
The SKILL.md stays within scope: it creates directories, writes templates/scripts, initializes renv, and suggests installing CRAN/Bioconductor packages and rendering reports. It does not instruct reading unrelated system files, exfiltrating data, or calling external endpoints beyond standard package repositories.
Install Mechanism
ok
There is no install spec and no code files that would be downloaded or executed by an installer. The skill is instruction-only, so nothing is written to disk by an installer step.
Credentials
ok
No environment variables, credentials, or config paths are requested. The use of renv and R package installation is appropriate for the stated purpose.
Persistence & Privilege
ok
always is false and there are no indications the skill modifies other skills or requires persistent elevated privileges. It is user-invocable and does not request permanent presence.