Skill v1.0.0
ClawScan security
Osmotic Pressure · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 9:08 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only, conceptual analysis guide that is internally consistent with its name and description and requests no credentials, binaries, or installs.
- Guidance: This skill is a written analytical framework — it does not access your system or require credentials. That makes it low-risk, but also means it can only help if you (or the agent) provide context such as code, metrics, or tickets. Be mindful about what you paste or upload when following its advice: do not share secrets, credentials, or private data unless you're sure it's necessary and safe. If you expect the skill to run automated scans over your repository or systems, note that the published package contains no code to do that — any automated analysis would require additional tooling or explicit agent actions, so review any follow-up prompts carefully.
Review Dimensions
- Purpose & Capability (ok): The name and description (detecting and mapping 'complexity pressure' across boundaries) match the SKILL.md content. The skill declares no binaries, env vars, or installs — which is proportionate for a purely cognitive/analytical tool.
- Instruction Scope (ok): SKILL.md is documentation and conceptual guidance for identifying five 'pressure' patterns. It contains no runtime commands, no references to files, config paths, or environment variables, and does not instruct the agent to phone home or call external endpoints.
- Install Mechanism (ok): There is no install spec and no code files; nothing is written to disk or fetched at install time. This is the lowest-risk installation model.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. There is no request for unrelated sensitive access (cloud creds, tokens, etc.).
- Persistence & Privilege (ok): always is false and the skill is user-invocable only. It does not request persistent presence or elevated privileges, nor does it attempt to modify other skills or global agent configuration.
