Back to skill
Skillv1.0.0
ClawScan security
Error Rosetta · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 10:08 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested actions (reading source files and repo context) match its purpose of translating errors; nothing requested or installed is disproportionate or unrelated, but it does require access to your codebase and commit history to work effectively.
- Guidance
- This skill is coherent for translating errors, but it relies on the agent having read access to your project files and git history to provide precise, code-specific fixes. Before installing or invoking: (1) confirm whether the agent runtime will actually have access to the repository and what boundaries (workspace root, file globs) are used; (2) avoid running it on sensitive or private code unless you trust the environment and logs won't be sent externally; (3) check your platform/privacy settings to ensure the agent won't exfiltrate snippets to external services you don't control. If you prefer, run it only on non-sensitive example files or locally with explicit, limited file access.
Review Dimensions
- Purpose & Capability
- okName/description (translate cryptic errors into plain-language, root cause, and exact fix) aligns with the instructions which explicitly require inspecting the referenced file/line, stack trace, and repository context.
- Instruction Scope
- noteSKILL.md instructs the agent to read the file and specific line mentioned in the error, examine data flow across the codebase, check recent commits, and look for similar errors elsewhere. These actions are coherent with the stated purpose but imply broad read access to your project files and git history — a privacy-sensitive scope. The instructions do not direct the agent to send data to external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — nothing is written to disk or downloaded by the skill itself.
- Credentials
- okSkill requests no environment variables, credentials, or config paths. Its need to access repository files and commits is proportional to its debugging goal and does not require unrelated credentials.
- Persistence & Privilege
- okalways:false and no persistent/install behavior. The skill does not request elevated or permanent presence and does not modify other skills or system settings.