Skillv1.0.0

ClawScan security

Logic Hunter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 3, 2026, 11:00 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requirements are coherent with a claim-verification tool: it uses searches + a local logic engine, asks for no credentials or installs, and contains no hidden network endpoints or unrelated privileges.
Guidance: This skill appears internally consistent and low-risk: it bundles a small Python engine for scoring and instructs the agent to use web search tools to collect sources. Before installing, confirm that (1) your agent environment allows running the bundled Python file safely or that the platform will sandbox execution, (2) the external search tools referenced (web_search, tavily-search, deep-research-pro) are available and trusted in your environment, and (3) you understand the model's limits — the C = Σ(R×S)/E formula is a heuristic, not a guarantee of truth. If you rely on it for high-stakes decisions, review primary sources manually and validate outputs. If you want extra caution, run the skill in a restricted/sandboxed workspace first.

Review Dimensions

Purpose & Capability: okName/description (logic verification, evidence tracing) match the SKILL.md and the included logic_engine.py. Declared tools (web_search, tavily-search, deep-research-pro) and the local Python engine are appropriate and expected for the stated functionality. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope: okRuntime instructions are narrowly scoped: parse input, call search tools to retrieve sources, classify sources, compute confidence via logic_engine.py, and run red-team checks. The SKILL.md does not direct reading unrelated files, requesting extra environment variables, or exfiltrating data to unknown endpoints. It does rely on external search tools (expected for research tasks).
Install Mechanism: okNo install spec is provided (instruction-only plus a bundled Python file). There are no download URLs or extract steps; the included logic_engine.py is a small, local computation engine. This is low-risk from an install/third-party code perspective.
Credentials: okThe skill requires no environment variables, credentials, or config paths. All functionality is satisfied by search tools and the local logic engine; there are no extra secret requests or disproportionate credential needs.
Persistence & Privilege: okalways is false and disable-model-invocation is false (normal defaults). The skill does not request persistent/always-on presence nor modify other skills or system settings. It contains a CLI but does not attempt to write global config or store credentials.