Back to skill
Skillv2.2.0
ClawScan security
Deslop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 7:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only writing-quality skill that rewrites text to remove 'AI flavor' and contains no installs, credentials, or external endpoints — its declared requirements match its behavior.
- Guidance
- This skill is an instruction-only text-rewriting helper and appears coherent with its stated purpose — low technical risk. Before using: (1) avoid feeding confidential secrets or sensitive documents you don't want transformed/stored, since the skill processes whatever text you supply; (2) confirm how your agent/platform handles and stores edited outputs (logs, histories, or backups) if data retention is a concern; (3) if you want to limit autonomous runs, adjust the agent's skill-invocation or permission settings so it cannot run this skill without your explicit approval. If the package later adds install steps, network calls, or requests credentials, re-evaluate — those would change this assessment.
Review Dimensions
- Purpose & Capability
- okName, description and triggers describe a text-rewriting/humanizing tool; the SKILL.md contains only rules, patterns, and a 2-pass workflow for editing text. No binaries, env vars, or unrelated permissions are requested — the requested footprint is proportional to the stated purpose.
- Instruction Scope
- okRuntime instructions describe analyzing and rewriting provided documents in two passes, scoring, and producing change logs. The instructions do not direct reading arbitrary system files, accessing credentials, or sending data to external endpoints. Usage examples reference processing a supplied file, which is consistent with the skill's purpose.
- Install Mechanism
- okNo install spec is present (instruction-only). Nothing is downloaded or written to disk by the skill package itself, minimizing installation risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The SKILL.md does not attempt to access undeclared env vars or secrets.
- Persistence & Privilege
- okalways is false and there are no indications the skill requests persistent elevated privileges or modifies other skills or system-wide configuration. Autonomous invocation is allowed by default (platform behavior) but not combined with any extra privileges here.