Back to skill
Skillv0.1.0
ClawScan security
Agent Security Patterns · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 11:23 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it is an instruction-only, non-installable pattern-recognition guide that does not request credentials, installs, or persistent privileges and its instructions align with its stated purpose.
- Guidance
- This skill is a plain-language checklist for recognizing malicious skills and is coherent with its stated purpose. It neither installs code nor asks for secrets, so technical risk is low. Two practical cautions: (1) the document intentionally contains example injection phrases — ensure your agent treats them as examples and does not obey those phrases literally, and (2) this guidance complements but does not replace human review; keep a process for verifying skill provenance (publisher, registry metadata) before allowing execution. If you want extra assurance, inspect the full SKILL.md yourself or enable the skill in a restricted test environment first.
- Findings
[ignore-previous-instructions] expected: The SKILL.md intentionally includes examples of prompt-injection phrases (e.g., 'Ignore previous instructions') to teach detection. The regex flag is expected given those examples, but treat those lines as examples to be analyzed, not as executable directives the agent should follow.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content: the document exists to teach agents how to spot malicious skill patterns. There are no unrelated env vars, binaries, or installs requested.
- Instruction Scope
- okThe SKILL.md confines itself to pattern definitions, decision framework, and safe response templates; it does not instruct the agent to read unrelated files, exfiltrate data, or call external endpoints. It even instructs agents to pause before executing others.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing is written to disk or downloaded during install.
- Credentials
- okNo environment variables, credentials, or config paths are requested — proportional and appropriate for a guidance-only skill.
- Persistence & Privilege
- okNo 'always' privilege, no self-modification instructions in the skill itself, and model invocation defaults are normal for skills. The skill does not request elevated or persistent privileges.