Skill v2.8.0

ClawScan security

Master Teacher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 3:19 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, scripts, and runtime instructions are coherent with its stated purpose (authoring/teaching and local progress tracking) and do not request unrelated credentials or privileged installs.
Guidance
This skill appears to be what it claims: a local course-authoring and tracking helper. Before installing, consider: (1) review the repository owner/source if you plan to clone from GitHub; the packaged scripts are small and readable but verify provenance when using an external repo URL; (2) the skill will create and modify files in whatever workspace/course directory you point it at (progress/state.json, tracking.md, lesson files) — run it in an isolated folder if you don't want those files mixed with other work; (3) SKILL.md advises checking USER.md / MEMORY.md for profiling — review those files for sensitive personal data you don't want the skill to read or include; (4) the skill's prep phase expects the agent or user to fetch external resources (articles/repos/media) — ensure your agent's browsing/IO permissions and the origin of fetched materials are acceptable; (5) no credentials or system-level access are requested. If any of the above concerns you, inspect the scripts (they are included) and test in a sandboxed workspace before regular use.

Review Dimensions

Purpose & Capability
ok
Name/description match the provided scripts and templates. The included Python scripts only create/read/write course files (README, lessons, progress/state.json, tracking.md) and implement expected course lifecycle operations; nothing in the manifest or scripts asks for unrelated capabilities or credentials.
Instruction Scope
note
SKILL.md instructs the agent to 'search for' external materials and clone/save repositories into the course prep directory. That behavior is consistent with researching/sourcing content for a course, but it implies the agent (or user) will fetch and store arbitrary external content and may read USER.md/MEMORY.md for profiling. Users should be aware this can store third‑party content and may surface personal info from USER/MEMORY files.
Install Mechanism
ok
There is no install spec in the package (instruction-only install), and all code files are present locally. README suggests cloning from GitHub if desired — that is optional and typical. No remote download/extract steps or unusual installers are present in the packaged files.
Credentials
ok
The skill requires no environment variables, credentials, or special config paths. Scripts operate on a course directory provided at runtime and only read/write local files. This is proportionate to a teaching/progress-tracking skill.
Persistence & Privilege
ok
always is false and the skill does not request system-wide privileges. Its persistent effect is writing course-related files in the workspace, which is expected behavior. It does not modify other skills or system agent configuration.