Back to skill
Skillv0.1.0
ClawScan security
Prompt Engineering · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 5:04 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested resources, installation, and runtime instructions are consistent with a prompt-engineering helper and do not request unrelated credentials or perform unexpected actions.
- Guidance
- This skill is internally consistent for teaching and performing prompt engineering: it doesn't request credentials or install anything. Before installing, consider that the instructions recommend storing prompt versions in markdown files—avoid saving prompts that contain user secrets or private data. Also note the skill source/homepage are not provided; if provenance or publisher reputation matters to you, ask for or verify the publisher before wide deployment. If you plan to use this in a production agent, restrict its file-write scope and review stored prompts for sensitive content periodically.
Review Dimensions
- Purpose & Capability
- okName/description match the provided instruction content and reference materials. No unrelated binaries, env vars, or config paths are requested—requirements align with a documentation/instruction-only prompt-engineering skill.
- Instruction Scope
- noteSKILL.md and reference files contain a thorough, structured workflow for prompt creation, optimization, testing, and storage. The only operational action implied is storing prompts and version history in markdown files; this is coherent with the skill's purpose but warrants care if prompts contain sensitive data (the instructions do not discuss secret-handling or access controls).
- Install Mechanism
- okNo install spec and no code files executed at install time. Instruction-only skills carry minimal install risk because nothing is downloaded or executed by an installer.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. There are no requests for unrelated secrets—environment access is proportionate to the stated purpose.
- Persistence & Privilege
- okDefault privileges (always: false, agent-invocable allowed) are used. The skill does not request permanent presence or system-level configuration changes.