Skill v1.0.0

ClawScan security

SchemaPin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 15, 2026, 6:43 AM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, scope, and requirements match its stated purpose (schema signing/verification); nothing requested is disproportionate or unrelated.
Guidance
This skill is internally consistent with its purpose of signing and verifying schemas. Before using it: (1) confirm you trust the upstream SchemaPin packages (install from official registries or pinned releases or verify upstream repo/commit), (2) when running sign/verify flows, restrict the agent's filesystem access so it only reads/writes intended skill directories and pin stores, and (3) treat .well-known discovery endpoints as untrusted until verified—use offline trust bundles or TOFU pinning in high-risk environments. If you need additional assurance, ask the publisher for a reproducible release artifact or public signing key to verify the library itself.

Review Dimensions

Purpose & Capability
ok: The name/description (SchemaPin: signing and verifying tool schemas, TOFU, .well-known discovery) aligns with the SKILL.md content, which documents canonicalization, signing, verification, resolvers, and skill-folder signing. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md is a developer guide with code examples for signing/verifying schemas and skill directories. It describes network discovery (.well-known) and offline verification, and includes operations that read and canonicalize local directories (sign_skill / verify_skill_offline). That's coherent with the purpose, but be aware these operations read/write local files (pin stores, .schemapin.sig manifests) and may perform HTTP fetches when using the WellKnownResolver—ensure the agent only accesses intended directories and trusted network endpoints.
Install Mechanism
ok: Instruction-only skill with no install spec or bundled code. SKILL.md shows standard pip/npm/go install examples for the external SchemaPin libraries (public package registries), but the skill itself does not perform installs or download arbitrary code.
Credentials
ok: No required environment variables, credentials, or config paths are declared. The documented flows use public key material, TOFU pin stores, and optional network discovery—these are proportional to the stated functionality.
Persistence & Privilege
note: always:false and user-invocable:true (normal). The guidance shows APIs that create local artifacts (.schemapin.sig manifests, pin-store data); that file I/O is expected for signing/verification, but you should confirm the agent has permission only to intended directories and is not granted broad filesystem access.