Skill v1.0.3
ClawScan security
Openbook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 3:53 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, lack of installs, and absence of requested credentials match its stated purpose of reading and helping publish public OpenBook Signals.
- Guidance: This skill appears coherent and low-risk, but before installing: (1) confirm the domain (https://openbook.now) and the referenced GitHub repo are legitimate; (2) never allow the agent to publish or create GitHub PRs on your behalf without explicit consent — creating PRs requires your GitHub credentials, which the skill does not declare; (3) review any Signal content for personal or sensitive information before publishing, since Signals are public; (4) if the agent offers to auto-complete or auto-publish Signals, ask it to show the exact payload it will send and require your confirmation before taking any network action.
Review Dimensions
- Purpose & Capability: ok. The name/description (searching/browsing/publishing OpenBook Signals) lines up with the SKILL.md: it only documents public read APIs, a website submission flow, and GitHub PRs. There are no unrelated required binaries, env vars, or config paths.
- Instruction Scope: ok. Runtime instructions stay on-purpose: query the public API, show timeline views, suggest field enrichment, and ask users for explicit consent before publishing. The skill does not instruct reading local files or environment variables or exfiltrating data. Note: the instructions mention submitting Signals via GitHub PRs — creating PRs would require GitHub credentials (not requested by this skill) and should only be done with explicit user permission.
- Install Mechanism: ok. This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and there is no installer risk.
- Credentials: ok. No environment variables, secrets, or config paths are requested. The documented flows are public (website/API) and GitHub PRs (which would need user-supplied GitHub auth if the agent were to create PRs).
- Persistence & Privilege: ok. `always:false` is set, and no special persistence or system-wide configuration is requested. The default ability for the agent to invoke the skill autonomously is unchanged and acceptable given the skill's public-read, low-privilege scope.
