Back to skill
Skillv1.0.0
ClawScan security
What To Eat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 19, 2026, 4:10 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only 'what to eat' recommender that asks for no credentials, installs, or filesystem access and its runtime instructions match its description.
- Guidance
- This skill is low-risk: it only contains textual rules for generating food suggestions and requests no secrets or installs. You can safely test it with sample prompts. Note: if you later connect this skill to other skills or services (location-based restaurant lookup, booking, or payment), re-check what those integrations require. Also be aware that the platform permits autonomous invocation by default — this is normal, but if you prefer manual use, restrict automatic skill usage in your agent settings.
Review Dimensions
- Purpose & Capability
- okName/description (random meal recommendations with filters) matches the SKILL.md instructions. No unrelated env vars, binaries, or capabilities are requested.
- Instruction Scope
- okSKILL.md contains only recommendation rules, output format, and simple interaction behaviors (swap, choose number, give recipe). It does not instruct the agent to read files, access environment variables, call external endpoints, or collect unrelated data.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; the instructions do not reference any secrets or external service credentials.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent privileges. Model invocation is allowed by default (normal for skills) and there is no alarming combination of autonomy plus broad access.