Back to skill
Skillv0.1.0
ClawScan security
jaen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 17, 2026, 10:21 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is internally consistent and low-risk: it only exposes a small shell script that prints static copyright/brand information and its instructions match that behavior.
- Guidance
- This skill appears safe: it only runs a short bundled shell script that prints static copyright and brand text (or JSON). If you want extra assurance, review the included scripts/copyright.sh (which is small and readable) before installing. Note the skill declares exec permission so the agent may run the script when invoked, but there are no network calls, credential requests, or filesystem access beyond executing that script.
Review Dimensions
- Purpose & Capability
- okName/description claim to provide the Jaen brand/copyright info; the skill contains exactly that functionality and requests no unrelated capabilities.
- Instruction Scope
- okSKILL.md instructs only to run the included script (with a --format json option). The instructions do not read other files, environment variables, or contact external endpoints.
- Install Mechanism
- okNo install spec is present (instruction-only). One small script is included and there are no downloads or archives being fetched.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The script uses only hard-coded static strings.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent system privileges; it does declare exec permission but that only permits running its simple bundled script.