Skill v0.1.0

ClawScan security

gina · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 18, 2026, 2:34 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, instructions, and requested privileges are consistent with a simple, local assistant placeholder — nothing appears malicious or disproportionate, though the README and SKILL.md claim integrations that the included scripts do not implement yet.
Guidance
This skill appears coherent and non-malicious, but it's currently a stub: the scripts only print canned schedule/brief messages and do not actually connect to calendars or external services. Before installing, review the two shell scripts yourself (they are short and included) and only grant exec permission if you trust the author. If you expect calendar integration or smart-scheduling features, ask the author how authentication and external integrations will be handled (they will likely need API keys or connector setup). As a general precaution, run new skills in a sandbox or isolated environment until you confirm their behavior.

Review Dimensions

Purpose & Capability
note
Name, description, and included scripts all align with a personal assistant / scheduling namespace. However, the manifest/README advertise calendar integrations, smart suggestions, and multi-source briefing, while the shipped scripts are simple placeholders that only print canned messages. This is likely an unimplemented/stubbed feature set rather than a mismatch of required permissions or credentials.
Instruction Scope
note
SKILL.md contains only user-facing instructions and examples (invocation phrases and expected responses) and does not instruct the agent to read unrelated files or secrets. It does claim that Gina will 'fetch your schedule' and generate briefings, but the actual runtime scripts do not access calendars or external endpoints — they merely echo text. No instructions ask the agent to transmit data to unknown endpoints.
Install Mechanism
ok
There is no install spec and no network downloads. The skill is instruction-first and ships two small shell scripts; nothing is being fetched from external URLs or installed from untrusted registries.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The manifest requests exec permission (to run its script), which is appropriate for a script-based assistant but should be granted only after code review.
Persistence & Privilege
ok
The skill is not always-enabled and does not request elevated persistence. It does not modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but not combined with broad credentials or other concerning privileges.