Skill v0.1.0
ClawScan security
Cpp Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 2:18 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only C++ expertise skill whose requirements and instructions align with its stated purpose and do not request extra credentials, installs, or network access.
- Guidance: This skill is an instruction-only C++ expert guide and appears coherent and low-risk: it will suggest reading your repo and running local build/test tools (cmake, conan, clang-tidy, sanitizers, profilers). Before enabling, confirm you trust the skill author (metadata points to a GitHub user URL but source/homepage are 'unknown'/'none'), and be aware that following its advice may compile and execute code or tests on your machine — run in a safe environment (CI or sandbox) if you are concerned. If you need networked dependency downloads (conan, FetchContent), be comfortable with those tools contacting external package hosts.
Review Dimensions
- Purpose & Capability: ok. Name/description (modern C++, performance, templates) match the included references and SKILL.md guidance. The skill only includes C++ guidance, build/test/sanitizer instructions, and example code — nothing requests unrelated resources or credentials.
- Instruction Scope: ok. SKILL.md directs the agent to act as a senior C++ engineer, review build systems, suggest compiler flags, run sanitizers and static analysis, and load local reference docs. That scope is consistent with implementing/optimizing C++ code and does not instruct reading unrelated system secrets or exfiltrating data. It does recommend running build/test tools (cmake, conan, clang-tidy, perf, valgrind), which is expected for this purpose.
- Install Mechanism: ok. There is no install spec and no code files that would be downloaded or executed. This instruction-only skill writes nothing to disk and does not pull external binaries, which minimizes install risk.
- Credentials: ok. The skill declares no required environment variables, credentials, or config paths. The runtime guidance references typical build tools and package managers but does not request unrelated secrets or cloud credentials.
- Persistence & Privilege: ok. 'always' is false and 'disable-model-invocation' is false (normal). The skill does not request persistent system changes or modify other skills' configs. Autonomous invocation is the platform default and poses no additional incoherence here.
