Skill v0.1.0

ClawScan security

Skill Listing Polisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 1:48 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and scope match its stated purpose (polishing skill listings); it runs local checks on a provided skill directory and does not request credentials or perform network activity.
Guidance
This skill is coherent and low-risk: it locally scans a supplied skill package for listing issues and sensitive-looking strings and prints warnings. Before running it, confirm you point it only at the skill package you intend to inspect, since it reads every file under that directory. Ensure python3 and ripgrep (rg) are available or install them; the script does not check for them and may fail otherwise. The warnings are string heuristics: they can produce false positives, so manually review flagged files, and a clean run does not prove a package is free of secrets. Because it runs locally and does not transmit data, it is safe to run in a normal environment; if you prefer extra caution, run it inside an isolated container or VM.

Review Dimensions

Purpose & Capability
ok · The name/description match the included assets: SKILL.md instructs reviewers to run the bundled check script, and the script inspects a skill package for long descriptions, internal filenames, and sensitive-looking strings. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
ok · Runtime instructions are narrow and explicit: run ./scripts/check-listing.sh /path/to/skill. The script only reads files within the provided skill directory, extracts the description via a short Python snippet, and searches for suspicious filenames/strings. It does not transmit data externally or access other system areas by design. Note: the script expects python3 and ripgrep (rg) to be available; it doesn't declare these dependencies.
Install Mechanism
ok · No install specification: it's instruction-only with a small bundled shell script. Nothing is downloaded or written to disk by an installer, and there are no archive/extract steps or remote fetches.
Credentials
ok · The skill requests no environment variables, credentials, or config paths. The script scans the provided directory for tokens/secret-like strings (to warn), which is coherent with the skill's purpose.
Persistence & Privilege
ok · The skill is not forced always-on, does not modify other skills or global agent settings, and has no apparent persistence or elevated privileges. It runs only when invoked against a supplied directory.
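The Guidance and Instruction Scope entries above describe what the bundled check script does (description length, internal filenames, secret-like strings) and the caveats that go with it (undeclared python3/rg dependencies, heuristic false positives). The script below is an added example written for this page; it is not ClawHub's scripts/check-listing.sh and not the skill author's code. It reproduces those three checks in plain POSIX sh with find, grep and sed instead of python3 and rg, adds the dependency check the real script is said to lack, and builds a constructed sample skill directory whose contents trigger each warning, including a documentation placeholder that the secret regex flags as a false positive. The 120-character limit, the internal-file patterns, the secret regex, the SKILL.md front-matter layout and the sample file contents are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not ClawHub's scripts/check-listing.sh. Reproduces the three
# listing checks the verdict describes using only sh, find, grep and sed, plus a
# dependency check. Limit, file patterns and regex are illustrative assumptions.
set -u

MAX_DESC=120   # assumed maximum listing description length, in characters

# Assumed secret heuristic: a credential-ish key, ":" or "=", then 8+ non-space chars.
SECRET_RE='(api[_-]?key|secret|token|password)[[:space:]]*[:=][[:space:]]*[^[:space:]]{8,}'

# Return 1 if any named tool is missing from PATH. The verdict notes the real
# script relies on python3 and rg without declaring or checking for them.
require_tools() {
  missing=0
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || { echo "ERROR missing dependency: $tool" >&2; missing=1; }
  done
  return "$missing"
}

# Read the "description:" front-matter line of SKILL.md (assumed layout).
skill_description() {
  sed -n 's/^description:[[:space:]]*//p' "$1/SKILL.md" | head -n 1
}

# Warn when the listing description exceeds the assumed limit.
check_description_length() {
  desc=$(skill_description "$1")
  len=${#desc}
  [ "$len" -le "$MAX_DESC" ] || echo "WARN description is $len chars (limit $MAX_DESC)"
}

# Warn on files that are editor, OS or VCS leftovers rather than part of the listing.
check_internal_files() {
  find "$1" -type f \( -name '.env' -o -name '.DS_Store' -o -name '*.swp' -o -name '*.orig' -o -path '*/.git/*' \) \
    | sed 's/^/WARN internal file: /'
}

# Heuristic scan for credential-like strings. Expect false positives such as
# placeholders in documentation; that is why flagged lines need a human look.
check_secret_strings() {
  find "$1" -type f ! -path '*/.git/*' -exec grep -HniE "$SECRET_RE" {} + 2>/dev/null \
    | sed 's/^/WARN secret-like string: /'
}

# Run every check, print the warnings, return 1 if there were any.
check_listing() {
  dir=$1
  [ -f "$dir/SKILL.md" ] || { echo "ERROR no SKILL.md under $dir" >&2; return 2; }
  out=$(check_description_length "$dir"; check_internal_files "$dir"; check_secret_strings "$dir")
  [ -z "$out" ] || printf '%s\n' "$out"
  n=$(printf '%s\n' "$out" | grep -c '^WARN' || true)
  [ "$n" -eq 0 ]
}

# Constructed sample skill directory (not a real package): an over-long
# description, two leftover files, a fake token in .env, and a README
# placeholder that the regex also flags (the false positive the guidance warns about).
make_sample_skill() {
  d=$(mktemp -d)
  mkdir -p "$d/scripts"
  cat > "$d/SKILL.md" <<'EOF'
---
name: listing-polisher-sample
description: Polishes a skill listing before publication: it checks the description length, looks for leftover internal files, and scans every bundled file for strings that resemble credentials.
---
Run it only against the skill package you intend to inspect.
EOF
  printf 'api_key = "REPLACE_WITH_YOUR_KEY"\n' > "$d/README.md"
  printf 'API_TOKEN=example0123456789abcdef\n' > "$d/.env"
  : > "$d/.DS_Store"
  printf '#!/bin/sh\necho polishing listing\n' > "$d/scripts/run.sh"
  echo "$d"
}

# Stand-alone use: sh check-listing-example.sh /path/to/skill
if [ "$#" -gt 0 ]; then
  require_tools find grep sed || exit 2
  check_listing "$1"
fi
```

On the constructed sample this prints five warnings: one for the description length, two for .env and .DS_Store, and two secret-like hits, of which the README placeholder is the kind of false positive a reviewer has to dismiss by hand. With ripgrep installed, `rg -n -i -e "$SECRET_RE" "$dir"` performs the same scan; the point of the example is that whatever tool does the matching, the result is a heuristic to review, not a verdict.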