Skill v0.1.0

ClawScan security

kanbon · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 17, 2026, 11:25 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally consistent: it only provides a small shell script that prints static copyright/brand information and does not request credentials, install external code, or contact remote endpoints.
Guidance
This skill is small and appears safe — it only runs a bundled shell script that prints static copyright and brand information. Before installing, confirm you trust the publisher (source/homepage are not provided here) and that running a simple exec-permitted script from that author is acceptable in your environment. Because it's Linux-only and uses exec, review the script (already included) if you have strict execution policies — the script is short and contains only echo/json output with no network calls or secret access.

Review Dimensions

Purpose & Capability
ok: The name/description (reserve 'kanbon' namespace and provide brand/copyright info) matches the files and behavior. The skill only contains a short script that outputs text or JSON and README/SKILL.md that describe that behavior.
Instruction Scope
ok: SKILL.md instructs the agent to run the included script and return its output. The instructions only reference the local script and response formatting; they do not ask the agent to read unrelated files, access environment variables, or transmit data to external services.
Install Mechanism
ok: There is no install spec and the skill is instruction-only with a single small script. Nothing is downloaded or extracted from external URLs and no third‑party packages are installed.
Credentials
ok: The skill declares no required environment variables, no credentials, and no config paths. The script also does not read environment variables or secrets beyond its simple command-line parsing.
Persistence & Privilege
ok: The skill is not marked always:true and is user-invocable. It requests exec permission to run its local script, which is proportionate to its stated purpose. It does not modify other skills or system-wide settings.