Skillv1.0.0

ClawScan security

Network Engineer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 23, 2026, 6:50 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's stated purpose (generating personalized network-engineering roadmaps) aligns with its instructions and required assets; it requests no credentials, installs nothing, and contains only API schema and usage examples.
Guidance: This skill appears coherent and low-risk: it defines an API and sample payloads and requests no secrets or installs. Before using, confirm who is hosting the service (source/homepage is unknown), review any privacy policy if you will submit real personal data, and if you plan to send sensitive PII or employer data, test first with non-sensitive dummy data. If you deploy or trust this skill in production, prefer a self-hosted or audited implementation and verify the actual API responses/schema match your expectations.

Purpose & Capability: okName, description, SKILL.md content and included openapi.json all describe the same functionality (take assessmentData and return a career roadmap). There are no unrelated requirements (no binaries, env vars, or config paths).
Instruction Scope: okSKILL.md contains sample requests/responses and an OpenAPI description limited to /health and /api/network/roadmap. It does not instruct reading arbitrary files, accessing system state, or sending unexpected data to external endpoints.
Install Mechanism: okNo install spec and no code files beyond SKILL.md and openapi.json. Nothing will be downloaded or written to disk by an installer.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The data it needs (assessmentData) is passed in requests, which is proportionate to its purpose.
Persistence & Privilege: okalways is false and default agent-invocation settings apply. The skill does not request permanent presence or modify other skills or system-wide settings.