Skillv0.1.0

ClawScan security

Zod Complete Documentation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 11, 2026, 9:15 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only documentation skill containing embedded Zod docs; its files and runtime instructions are coherent with the stated purpose and it does not request credentials or install code.
Guidance: This skill is a documentation-only bundle for the Zod validation library and appears internally consistent with that purpose. It does not request credentials or install code. Things to consider before installing: (1) the files are MDX and include links and image URLs that reference external sites — the skill itself doesn't instruct network calls, but an agent using the docs might follow or recommend those links; (2) the README claims the content was extracted from the colinhacks/zod repo — if you care about provenance or licensing, verify the upstream source and license (README states MIT); (3) the docs include runnable code examples — validate any code you copy into your projects. Overall, safe to install from a coherence perspective, but always review content and external links if you need strict provenance or want to avoid following external resources.

Purpose & Capability: okThe skill name/description (Zod documentation, schema validation, TypeScript guidance) align with the provided files under references/. All listed files are documentation (MDX/markdown) about Zod. There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope: okSKILL.md explicitly instructs the agent to read the local references/ files to answer Zod-related questions. It does not direct the agent to read unrelated system files, access secrets, or transmit data to external endpoints. Note: the doc content contains many external links (GitHub, twitter, zod.dev, image URLs, and other references), but the instructions do not tell the agent to call those endpoints.
Install Mechanism: okThere is no install specification (instruction-only skill). Nothing will be downloaded or written to disk by an install step.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The documentation does reference usage scenarios (e.g., environment variable parsing) but does not request access to any secrets.
Persistence & Privilege: okThe skill is user-invocable and not forced-always. disable-model-invocation is false (default autonomous invocation allowed), which is normal for skills and appropriate here. The skill does not request to modify other skills or system-wide settings.