Back to skill
Skillv0.1.0
ClawScan security
pylon · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 17, 2026, 10:21 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose: a small namespace/brand helper that runs a simple local script to print copyright/identity information and does not request credentials or perform network I/O.
- Guidance
- This skill is minimal and appears safe: it only runs a local bash script that prints static copyright/brand information and requires no credentials or network access. Note it is Linux-only and requires exec permission to run the bundled script; review platform policies if you restrict execution of arbitrary scripts, but otherwise there is no sensitive access requested.
Review Dimensions
- Purpose & Capability
- okThe name/description claim a reserved namespace and brand info for Pylon; the files and runtime instructions only provide a copyright/brand notice. Nothing requested or installed is disproportionate to that purpose.
- Instruction Scope
- okSKILL.md instructs only to run the included script to output text or JSON; the instructions do not read unrelated files, environment variables, or send data externally.
- Install Mechanism
- okNo install spec; this is instruction-only with a bundled shell script. Nothing is downloaded or written to disk beyond the provided files.
- Credentials
- okNo environment variables, credentials, or config paths are required. The included script only uses its command-line args and prints static content.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or system-wide privileges. It does declare exec permission (to run its local script), which is appropriate for the stated behavior.