Skill v1.0.0
ClawScan security
Review Lens · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 9:56 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: Instruction-only code-review helper that does not request credentials, install components, or instruct the agent to access system files — its declared capabilities match what it asks for.
- Guidance: This skill is instruction-only and appears coherent for code review. It does not itself access your system or request secrets, but be careful what you paste into the agent: code snippets can contain API keys, PII, or proprietary logic. Redact secrets before sharing, and review the full SKILL.md if available to confirm there are no hidden directives before use.
Review Dimensions
- Purpose & Capability (ok): The skill describes a focused code-review assistant (finding edge cases, failure paths, state issues). It requests no binaries, no environment variables, and no installs — all proportionate to an instruction-only analysis tool.
- Instruction Scope (ok): SKILL.md contains guidance for analyzing code (seven lenses) and example checks; it does not instruct the agent to read arbitrary system files, access credentials, or post data to external endpoints. It appears scoped to analyzing code provided to the agent.
- Install Mechanism (ok): No install spec and no code files — the lowest-risk form (instruction-only). Nothing will be written to disk by the skill itself.
- Credentials (ok): The skill requires no environment variables, credentials, or config paths. There are no hidden or disproportionate credential requests in the provided instructions.
- Persistence & Privilege (ok): always is false and the skill does not request permanent system presence or modification of other skills. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges.
