Skillv1.0.0

ClawScan security

Log Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 10, 2026, 1:08 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and runtime instructions are coherent with its stated purpose (log analysis); it does not request credentials or perform networking, but it has minor correctness/robustness issues you should be aware of before use.
Guidance: This skill appears to do what it says: analyze a log file you point it at and produce summaries. Before using it on sensitive systems: 1) inspect the script locally (it is included) and run it in a controlled environment; 2) be aware of two bugs — the '--since' timestamp filter uses simple string comparison (may be incorrect for varying timestamp formats) and the '--severity' option is computed but not enforced (it won't filter lines as expected); 3) ensure you only pass log files you intend to share with the tool (it reads the file you give it and nothing else); and 4) consider validating timestamp parsing for your log format and testing on a copy of logs if they contain sensitive PII. Overall there are no network calls or secret exfiltration code present.

Purpose & Capability: okName/description match the included Python analyzer. The files and runtime instructions are limited to parsing and summarizing a user-specified log file; nothing requires cloud credentials, unrelated binaries, or system-wide configuration.
Instruction Scope: noteSKILL.md instructs running the bundled script on the target logfile and the script operates only on the file path the user supplies. There are some implementation issues: the '--since' comparison uses raw string comparison of extracted timestamp substrings (can give incorrect results across formats) and the computed 'severity_filter' is never actually applied to skip lines — the '--severity' flag is documented but not enforced. These are functional/robustness problems, not signs of hidden exfiltration or scope creep.
Install Mechanism: okNo install spec (instruction-only plus a small Python script included). No remote downloads or package installs are performed by the skill, minimizing installation risk.
Credentials: okThe skill declares no environment variables, credentials, or config paths and the code does not read env vars or external config files. It only reads the logfile path provided by the user.
Persistence & Privilege: okThe skill does not request permanent/always-on presence, does not modify agent configuration, and does not attempt to persist credentials or alter other skills.