Skill v1.0.0

ClawScan security

Creator Brief Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 9:29 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only brief-review helper whose declared purpose matches its instructions and it requests no credentials or installs; nothing in the package suggests hidden behavior.
Guidance
This skill appears coherent and low-risk as distributed: it only provides instructions for checking and rewriting briefs and asks for no installs or secrets. Before using it, avoid submitting confidential or secret-containing briefs (PII, unreleased product specs, or credentials) because the agent will process the text. Note the license: CC BY-NC-SA 4.0 restricts commercial use—obtain a commercial license from Razestar if you plan to use outputs commercially. If you want extra assurance, test with non-sensitive sample briefs and review generated briefs before sending them to creators.

Review Dimensions

Purpose & Capability
ok: Name/description (creator brief checking) align with the SKILL.md workflow and expected inputs/outputs. There are no unexpected requirements (no env vars, binaries, or installs) that would be unrelated to the stated purpose.
Instruction Scope
note: SKILL.md contains a focused checklist and clear output template; it does not instruct the agent to read system files, access external endpoints, or use credentials. Note: the skill processes user-supplied briefs, so sensitive/confidential content in inputs would be seen by the agent—avoid sending secrets or private data unless you trust the runtime.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. This minimizes disk writes and external downloads; there are no installer URLs or packages to evaluate.
Credentials
ok: No environment variables, credentials, or config paths are required. The lack of requested secrets is proportionate to the skill's described function.
Persistence & Privilege
ok: Skill does not request always:true and is user-invocable only. It does not modify other skills or system config (no install code present). Autonomous invocation is allowed (platform default) but is not combined with elevated privileges or extra credentials.