Skill v1.0.0

ClawScan security

Synaptic Pruning · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 8:02 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (finding dead/vestigial code) matches its instructions, but the runtime instructions are open-ended and imply access to production telemetry/CI/infrastructure without declaring how or what credentials are needed — that mismatch and the broad discretion are worth caution.
Guidance
This skill's goal (find and remove 'vestigial' code) is reasonable, but the runtime instructions are broad and imply access to CI/deployment logs and production telemetry that are not described in the skill metadata. Before installing or running it: (1) insist on human review and require the skill to run in a sandbox or on a local copy of the repo first; (2) do not provide production/analytics credentials until you verify exactly which endpoints will be accessed and why; (3) require the skill author to specify the exact data sources (logs, analytics, CI) and the minimal credentials needed; (4) apply conservative thresholds (explicit N) and require an approval step before any code deletion or automated pruning; (5) keep backups and ensure changes go through code review/PRs rather than automatic removal. If the author can provide the full SKILL.md runtime steps that show constrained, read-only access patterns and explicit handling of production telemetry, that would raise confidence; if they expect the agent to autonomously query production systems without explicit credential scoping or human-in-the-loop safeguards, treat it as high risk.

Review Dimensions

Purpose & Capability
ok
Name and description claim a codebase 'pruner' that finds unused features, configs, tests, shims, and modules. The SKILL.md describes detection techniques that operate over source, tests, config, and docs — this aligns with the stated purpose and does not request unrelated capabilities.
Instruction Scope
concern
The provided instructions are high-level and grant broad discretion (e.g., 'Trace every UI element and API endpoint to user-reachable paths', 'Flag features with zero invocations in the last N deployment cycles', 'Cross-reference documentation against CI/CD and infrastructure definitions'). These steps implicitly require reading the repository, CI configs, deployment metadata, and production/telemetry logs or analytics. The SKILL.md does not detail how such logs or external systems should be accessed, nor does it constrain what external endpoints or data sources the agent may query. That vagueness could cause the agent to attempt access to sensitive systems or to make destructive changes if executed without human oversight.
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code files. Nothing will be written to disk by an installer managed by the skill package itself, which minimizes installation risk.
Credentials
note
The skill declares no required environment variables, credentials, or config paths. However, the detection techniques described make it likely that the agent will need access to CI/CD configs, deployment metadata, invocation logs, analytics, or cloud provider consoles to meaningfully determine 'zero invocations in the last N deployment cycles'. The absence of declared credential needs is a mismatch: either the skill expects the agent to run with repository/local context only, or it omits asking for the specific credentials required to access production telemetry. This should be clarified and credential requests scoped minimally.
Persistence & Privilege
ok
The skill does not request always: true, does not include install-time hooks or persistent presence, and does not declare permissions to modify other skills or global agent settings. Autonomous invocation is allowed by default (normal), but there are no exceptional persistence privileges requested.