Skill v1.0.0
ClawScan security
Code Oracle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 5, 2026, 12:16 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, install surface, and instructions are coherent with a local codebase-analysis/entertainment tool and do not request unrelated credentials or installs.
- Guidance: This appears to be a local, instruction-only tool that will read your repository (source files, git history, test results, TODOs) to produce its 'oracle' output. If you plan to run it on a private or sensitive repository, be aware it will examine code and history; only enable it where that access is acceptable. Also watch for any follow-up prompts asking you to provide CI/coverage tokens or external service credentials (the skill does not declare any), and refuse to supply unrelated secrets. If you want extra assurance, run it first in a non-sensitive test repo.
Review Dimensions
- Purpose & Capability (ok): The name/description (a playful code-metrics fortune-teller) aligns with the SKILL.md: it reads repository metrics and git history, and produces metaphorical output. There are no declared binaries, installs, or credentials that would be unexpected for this purpose.
- Instruction Scope (note): SKILL.md instructs the agent to analyze repository data (commit history, test coverage, TODOs, lines changed, CI timing, etc.). That is appropriate for a metrics-driven 'oracle', but it means the agent will read source files, git history, and CI/coverage artifacts if present. The instructions as provided are local-analysis focused and do not explicitly instruct exfiltration; however, they are broad (use repository and metric data) and could access sensitive code if run in a private repo.
- Install Mechanism (ok): No install spec or code files are present (instruction-only). This minimizes disk writes and third-party code execution risk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The metrics it references could optionally come from CI/coverage services, but the skill does not request tokens for those services, so there is no disproportionate credential access declared.
- Persistence & Privilege (ok): Flags show no always:true and default autonomous invocation settings. The skill does not request persistent presence or system-wide configuration changes.
