Skill v0.1.1

ClawScan security

Subskill Generation Rule · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 14, 2026, 6:31 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only skill that defines file placement conventions for organizing subskills and does not request credentials, install software, or perform other unexpected actions.
Guidance
This skill is simply a set of organizational rules and does not request credentials or install software. It's safe from the manifest alone. Things to consider before installing:
1) If your agent runtime has permission to create or modify files, following these rules will cause files to be written under data/ and subskills/ — review any generated artifacts for secrets before committing them.
2) Because the skill is instruction-only, there is no bundled code to inspect; if you later accept generated subskills or scripts, review those new files for unexpected network calls or credential usage.
3) If you prefer to prevent autonomous file changes, restrict the agent's filesystem permissions or disable autonomous skill invocation in your agent settings.

Review Dimensions

Purpose & Capability
ok
The name and description promise project organization rules; the SKILL.md only prescribes where to put generated artifacts and feature code (data/ and subskills/<feature>/). There are no unrelated environment variables, binaries, or install steps requested, so the declared requirements align with the stated purpose.
Instruction Scope
ok
Runtime instructions are limited to file/directory layout and naming conventions. They do not instruct the agent to read unrelated system files, access network endpoints, or exfiltrate data. The guidance is narrowly scoped to organizing generated artifacts and subskill code.
Install Mechanism
ok
No install spec or code files are included. Because this is instruction-only, nothing will be written to disk by an installer and no external packages are fetched.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. There are no disproportionate secrets or unrelated credentials required.
Persistence & Privilege
note
always is false (normal). Model invocation is allowed (disable-model-invocation: false), which is the platform default. While the skill itself is harmless, consider the agent's runtime permissions: if the agent is allowed to write files, following these rules will create files under data/ and subskills/. That filesystem write capability is outside the skill's manifest but relevant to operations.