Skill v1.0.0

ClawScan security

Query DBpedia using Natural Language · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 18, 2026, 3:18 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (turning natural language into SPARQL, querying DBpedia, and producing HTML/JSON/Markdown results) matches its instructions and included templates; it is instruction-only, requests no credentials, and has no install steps.
Guidance
This skill appears coherent and read-only: it builds SPARQL queries, issues HTTP GET requests to https://dbpedia.org/sparql, and renders results. Before installing/using, consider:
1) The SKILL.md shows curl-based execution — ensure your agent environment allows outbound HTTP and has a suitable HTTP client (curl or equivalent).
2) Results are rendered into HTML templates; if you plan to open generated HTML in a browser, treat external DBpedia content as untrusted and review/sanitize fields to avoid XSS (escape labels/values).
3) Long or complex SPARQL queries can time out or return large results—use LIMIT and test queries incrementally.
4) The skill makes live network requests to dbpedia.org (expected); verify that fits your network/security policy.
Overall, there are no unexplained credentials, installs, or hidden endpoints, so the skill appears to do what it claims.

Review Dimensions

Purpose & Capability
ok · Name/description align with what the skill does: SKILL.md and example files all describe converting NL to SPARQL, calling the DBpedia SPARQL endpoint, and formatting results into JSON/Markdown/HTML. No unrelated credentials, binaries, or capabilities are requested.
Instruction Scope
ok · Runtime instructions are specific: analyze question → map to DBpedia properties → build SPARQL → execute via HTTP GET (example curl) against https://dbpedia.org/sparql → format results. The instructions reference only the DBpedia endpoint and included HTML templates; they do not ask to read arbitrary local files, access unrelated env vars, or post data to third‑party/obfuscated endpoints.
Install Mechanism
ok · No install spec and no code files that would be written to disk; it's instruction-only with HTML templates and examples included. This is the lowest-risk install model.
Credentials
ok · The skill declares no required environment variables, credentials, or config paths. That is proportionate for a read-only query-to-DBpedia skill.
Persistence & Privilege
ok · always:false and no request to modify other skills or system-wide settings. The skill does not request permanent presence or elevated privileges.