Skill v1.0.0

ClawScan security

What To Eat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 15, 2026, 3:54 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions match its stated purpose (pick a lunch/dinner choice from built-in cafeteria and nearby restaurant lists); there are no installs, credentials, or external calls declared.
Guidance
This skill appears low-risk and coherent: it uses only built-in lists and random selection and asks for no credentials. Before installing, consider whether you need live/accurate menus or ratings (the skill claims monthly updates but gives no update mechanism), whether you want dietary/allergy filters, and whether you trust the unknown source/owner since no homepage or provenance is provided. If you later want live restaurant data or personalized filtering, expect the skill would need external API access or new environment credentials, which should be requested explicitly and justified.
Findings
[no-findings] expected: The static scanner found nothing to analyze because this is an instruction-only SKILL.md with no code files; that is expected for a simple content-only skill.

Review Dimensions

Purpose & Capability
ok: Name and description ('What To Eat') match the SKILL.md: it uses built-in cafeteria and nearby restaurant lists and a random selection algorithm. Required binaries, env vars, and config paths are none, which is proportionate for an instruction-only random-picker.
Instruction Scope
note: Instructions are narrowly scoped: merge built-in lists, random-select one, and format output. One minor vagueness: the SKILL.md says data are 'monthly updated' but does not describe an update mechanism or source — this is a functional/maintenance detail, not an immediate security issue.
Install Mechanism
ok: No install spec and no code files (instruction-only). Nothing is written to disk or fetched at install time, which minimizes installation risk.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. That is proportional to its described functionality and reduces credential-exfiltration risk.
Persistence & Privilege
ok: always:false and default autonomous invocation are appropriate. The skill does not request persistent system privileges or modify other skills' configs.