Back to skill
Skillv1.0.0
ClawScan security
Food Hygiene & HACCP Docs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 10:46 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (generating UK food‑safety/HACCP documents) matches its instructions and requested resources — it is an instruction-only template generator that asks for no credentials or installs.
- Guidance
- This skill appears internally consistent and does what it says (generate UK food‑safety documents). Before relying on outputs: 1) verify any generated HACCP plans and critical limits with a qualified food‑safety professional or your local EHO — the skill itself warns this is required; 2) confirm the legal references and critical limits are up to date for your jurisdiction (the package has no homepage or provenance metadata); 3) test the skill with non‑sensitive sample data first to judge quality and completeness; and 4) do not treat generated documents as a substitute for properly implemented procedures or professional sign‑off — use them as templates to be reviewed and adopted into your operation.
Review Dimensions
- Purpose & Capability
- noteThe name, description, README and SKILL.md all consistently describe generating UK HACCP and food‑safety documents. The skill requests no binaries, env vars, or config paths — which is proportionate for a document generator. Note: source/homepage are missing (provenance unknown) and the skill claims to reference 'current legislation' but provides no update mechanism; users should verify legal accuracy and timeliness of outputs with a qualified professional.
- Instruction Scope
- okSKILL.md contains explicit instructions to generate HACCP plans, allergen matrices, cleaning schedules, etc., and to include a verification disclaimer. It does not instruct reading local files, accessing unrelated environment variables, contacting external endpoints, or aggregating unrelated system data.
- Install Mechanism
- okNo install spec and no code files — instruction-only. This minimizes on‑disk execution risk; nothing is downloaded or installed by the skill itself.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths, which is appropriate for a document/template generator. There are no requested secrets or external service tokens.
- Persistence & Privilege
- okalways is false and the skill is user‑invocable. It does not request persistent system privileges or modifications to other skills. Normal autonomous invocation is allowed (disable-model-invocation: false) which is expected behavior for skills.