Skill v1.0.0

ClawScan security

Business Rule Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 18, 2026, 7:47 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package contents, README, SKILL.md, examples and tests all align with a lightweight Python business rule engine; there are no unexpected environment/credential requests or remote installs, but the implementation uses eval-based expression evaluation which should be treated as risky if rule text is untrusted.
Guidance
This package appears coherent and implements the claimed business rule engine. The main security consideration is that ExpressionEvaluator uses eval() on expressions assembled from rule text and substituted variables — this is expected for a rule engine but is unsafe if rule text or the evaluation context can be provided by untrusted users. Before using in production: (1) ensure rules and context come from trusted sources or sandbox/evaluate in a restricted environment; (2) run the included unit tests (pytest) to validate behavior; (3) review the remaining (truncated) portions of scripts/rule_engine.py for any file, network, or subprocess usage (none were evident in the visible parts); and (4) consider replacing eval-based evaluation with a safe expression parser (ast parsing, boolean-expression library, or dedicated expression evaluator) if you need to accept rules from untrusted users. If you want, I can scan the remaining truncated sections for any hidden I/O, network calls, or other risks.

Review Dimensions

Purpose & Capability
ok · Name/description match the provided code, examples, and unit tests. The files implement a rule engine, DSL parsing, rule chains and JSON loading, all consistent with the declared purpose. There are no declared env vars, binaries, or unrelated dependencies.
Instruction Scope
note · SKILL.md only documents usage, tests, and examples for the rule engine; it does not instruct the agent to read unrelated files, access environment variables, or send data externally. However, the runtime code (ExpressionEvaluator) constructs and eval()s expressions derived from rule text/variables; that is intrinsic to the product but becomes unsafe if rules or contexts come from untrusted sources.
Install Mechanism
ok · No install specification is provided (instruction-only metadata), and requirements.txt only lists pytest/test tooling. Nothing is downloaded or written by an installer in the metadata provided.
Credentials
ok · The skill requests no environment variables, credentials, or config paths. The code operates on in-memory structures and JSON strings only; there are no surprising secret requests or external service credentials.
Persistence & Privilege
ok · The skill does not request persistent or elevated platform privileges. The always metadata field is false, and there is no install script or behavior that modifies agent/system configuration or other skills.