Skill v3.0.0

ClawScan security

TypeScript Coder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 10:08 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
An instruction-only TypeScript expert helper whose requested actions and files match its stated purpose and which does not request extra credentials, installs, or unusual privileges.
Guidance
This skill appears coherent and safe as an offline TypeScript guide: it mainly advises running developer commands (npm install, npx tsc, editing tsconfig.json) and includes extensive reference text. Before allowing the agent to act on a repository, review and approve any proposed package installs or file edits, run them in a development/isolated environment if possible, and ensure your CI/tests pass after migration. If you don't want the agent to execute commands automatically, restrict execution privileges and require explicit consent for changes that modify package.json, install dependencies, or write files.

Review Dimensions

Purpose & Capability
ok: Name/description (TypeScript migration, tsconfig, fixing type errors) align with the provided SKILL.md and reference docs. There are no unrelated required binaries, env vars, or config paths.
Instruction Scope
note: SKILL.md gives concrete, scoped developer actions (npm install --save-dev typescript, npx tsc --init, editing tsconfig.json, adding JSDoc). These commands will modify a project (install dev dependencies, create/alter files); that behavior is expected for the stated purpose but the user should be aware the agent may suggest or perform file and package changes.
Install Mechanism
ok: No install spec or code files; the skill is instruction-only so nothing is downloaded or written by the skill package itself.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. Example code references (e.g., fetch examples) are illustrative and not requests for secrets.
Persistence & Privilege
ok: always is false and default autonomous invocation is allowed (normal). The skill does not request persistent presence or any cross-skill/system configuration changes.