Back to skill
Skillv1.0.1
ClawScan security
Review Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 26, 2026, 7:47 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only skill's requirements and runtime instructions are consistent with its stated purpose of turning review text into clustered, actionable insights.
- Guidance
- This skill is instruction-only and internally consistent with its purpose. Before using it, avoid pasting sensitive personal data (PII) from reviews unless you have consent and are compliant with privacy rules. Provide a representative sample and clear scope (date range, platforms, focus) so the analysis doesn't overgeneralize. Validate recommended root causes with operational data where possible — the skill helps surface directional patterns but does not perform rigorous causal inference.
Review Dimensions
- Purpose & Capability
- okThe name and description match the SKILL.md workflow: clustering feedback, identifying root causes, and recommending actions. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okThe instructions only describe how to collect, normalize, cluster, and report on provided review data. They do not instruct reading system files, calling unexpected external endpoints, or accessing environment variables.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only so nothing is written to disk or pulled from external URLs.
- Credentials
- okNo environment variables, credentials, or config paths are required. The inputs requested are review data and context parameters, which are appropriate for the task.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system privileges or modify other skills' configurations. Autonomous invocation is enabled by default but is not combined with other risky requests.