Skillv0.1.0

ClawScan security

Csharp Developer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 7, 2026, 2:18 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, references, and metadata are coherent with a C#/.NET developer helper and do not request unrelated credentials, installs, or privileged persistence.
Guidance: This skill appears to be a straightforward C#/.NET code-writing helper and is internally consistent. Because the source is 'unknown', only invite it to analyze projects or files you are comfortable sharing—it will expect access to your repository/project files to be useful. There are no requested credentials or installers, but review any generated code and check referenced NuGet packages and appsettings (secrets like JwtSettings.Secret should never be added to public repos). If you want extra caution, run the skill against a sandbox copy of your project first.

Purpose & Capability: okName/description match the content: all required items are C#/.NET development guidance (ASP.NET Core, EF Core, Blazor, performance). The skill declares no binaries, env vars, or config paths that would be unexpected for this purpose.
Instruction Scope: okSKILL.md directs the agent to review project files (.csproj, NuGet packages, architecture) and to produce code/templates. It does not instruct reading unrelated system files, exporting secrets, or calling external endpoints outside normal development context.
Install Mechanism: okNo install spec and no code files to execute; this instruction-only skill does not download or install third-party packages when invoked.
Credentials: okThe skill declares no environment variables, credentials, or config paths. Reference material mentions typical platform SDKs (Azure SDK) but does not require providing keys or unrelated secrets.
Persistence & Privilege: okFlags show always:false and normal agent invocation; the skill does not request permanent presence or system-wide configuration changes.