Skill v1.0.0
ClawScan security
Skill Security Review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 1:24 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, scope, and required access are consistent with a tool whose job is to audit other skills; it is an instruction-only reviewer and requests no credentials, installs, or persistent privileges.
- Guidance: This skill is coherent and appropriate as a review/workflow document: it tells the agent how to audit other skills and asks only to inspect the artifacts a user provides. However:
  1. Do not upload secrets, private keys, or sensitive production data when asking the skill to review a package; the skill will read artifact contents and those uploads could be exposed to the agent's environment.
  2. Treat its recommendations as guidance, not a sandbox verdict: the SKILL.md itself is not executing or sandboxing code. For maximum safety, run manual code review or open the package in an isolated environment (air-gapped VM or container) before installing any skill the audit flags as risky.
  3. If you intend to let the agent act on the audit (install or fetch remote code), require explicit confirmation and ensure network access and downloads are pinned/verified.
Review Dimensions
- Purpose & Capability: ok. The name/description match the SKILL.md content: it's an audit workflow for evaluating skill/agent packages. It does not request unrelated credentials, binaries, or install hooks, and the actions it asks the agent to take (inspect SKILL.md, scripts, assets, manifests) are appropriate for a security reviewer.
- Instruction Scope: ok. The SKILL.md narrowly defines an audit workflow (identify artifact type, enumerate attack surface, score risk categories, produce verdict). It instructs reading provided artifact contents and searching for high-risk indicators, behavior that is necessary for this purpose. It does not instruct exfiltration, contacting unexpected endpoints, or reading unrelated system files.
- Install Mechanism: ok. No install spec and no code files are included (instruction-only). This minimizes supply-chain/install risk because nothing is downloaded or written to disk by the skill itself.
- Credentials: ok. The skill declares no environment variables, no credentials, and no config paths. There is no disproportionate request for secrets or broad environment access.
- Persistence & Privilege: ok. The skill is not always-enabled, does not ask to modify agent/system settings, and contains no install hooks or self-persistence instructions. It does not request elevated or persistent privileges.
