Skill v0.1.0

ClawScan security

baeckerherz · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 17, 2026, 11:28 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally coherent: it only runs a small local script that prints static brand and feature information and requests no credentials or installs.
Guidance
This skill appears safe: it runs a local bash script that prints brand and feature information and requires no network access or secrets. Before installing, you may want to: (1) review the included files yourself (scripts/brand-info.sh, SKILL.md, README) to confirm behavior; (2) note the small license inconsistency between README/claw.json (MIT) and the script output ("All rights reserved") and clarify licensing if that matters; and (3) ensure you are comfortable allowing the agent to execute this script (it only prints static text). No credentials or installs are required.

Review Dimensions

Purpose & Capability
note: The name, description, SKILL.md, and included script all align: the skill's purpose is to display brand/feature info. It does not request unrelated access. Minor inconsistency: README and claw.json list MIT license while the script's JSON output uses "All rights reserved"—a documentation/license mismatch, but not a functional risk.
Instruction Scope
ok: SKILL.md instructs the agent to run scripts/brand-info.sh with optional flags; the script only outputs static text/JSON and does not read files, environment variables, or make network calls.
Install Mechanism
ok: No install spec is provided and no external packages or downloads are required. This is an instruction-only skill with a small bundled script.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths and the runtime script does not access any secrets—requested privileges are proportionate to the stated purpose.
Persistence & Privilege
ok: always:false (not force-included) and user-invocable:true. The skill does not request persistent system changes or modify other skills' configuration; autonomous invocation is allowed by platform default but the skill itself is low-privilege.