Back to skill
Skillv1.0.0
ClawScan security
Wet Lab Career · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 31, 2026, 9:23 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (career roadmap for wet-lab biotech) matches its instructions and artifacts; it requests no credentials, has no install steps, and exposes only API schema endpoints — no obvious incoherence or extraneous privileges were found, though the author/source is unknown so caution about data sharing is advised.
- Guidance
- This skill is internally consistent with its stated purpose and doesn't request credentials or install code. However, the source/homepage is missing and the operator is unknown — before using, confirm where your assessment data will be sent/stored, read any privacy/retention terms, and avoid submitting protected health information, patient identifiers, proprietary protocols, or other sensitive data. Prefer skills with a public repository or documented operator; if you must test this one, try it first with synthetic/sample data.
Review Dimensions
- Purpose & Capability
- okName/description describe a career-roadmap API and the included SKILL.md + openapi.json only define endpoints and request/response schemas for that purpose. The skill requires no binaries, env vars, or config paths, which is proportionate to a read-only API-style integration.
- Instruction Scope
- okSKILL.md contains API usage, request/response examples, and endpoint descriptions. It does not instruct the agent to read local files, access unrelated environment variables, or exfiltrate system data. It does expect user-provided profile fields (education, experience, instruments, etc.), which is consistent with the stated purpose.
- Install Mechanism
- okNo install spec and no code files to be written or executed on the host — this is an instruction-only skill. That is the lowest-risk install profile and matches the manifest.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Nothing asks for unrelated secrets or elevated access. The only data expected is user profile / assessment data appropriate for a career roadmap service.
- Persistence & Privilege
- okalways:false and user-invocable:true (with normal model invocation) — no elevated persistence or cross-skill config changes are requested. The skill does not assert the ability to modify other skills or system settings.