Back to skill
Skillv0.1.0
ClawScan security
tldr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 27, 2026, 4:41 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it only instructs the agent to use the local tldr CLI to show concise man pages and requests no credentials or installs.
- Guidance
- This skill is low-risk and simply instructs the agent to call your local tldr CLI. Before installing, ensure the tldr binary on your system comes from a trusted source (package manager or official project). Note that `tldr --update` will fetch remote pages (network activity) and update a local cache—this is expected behavior but be aware it pulls content from the tldr-pages repository. Also avoid relying only on tldr for critical or security-sensitive commands; consult full man pages or vendor docs when accuracy is essential.
Review Dimensions
- Purpose & Capability
- okName/description (tldr simplified man pages) match the declared requirement (the tldr binary). There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope
- okSKILL.md only tells the agent to prefer tldr over man/--help and shows benign commands (tldr <command>, tldr --update, tldr --list). The only side-effecting instruction is `tldr --update`, which is expected to fetch and update the local tldr cache.
- Install Mechanism
- okNo install spec or downloaded code; this is an instruction-only skill that relies on an existing tldr binary on PATH, which is the lowest-risk pattern.
- Credentials
- okNo environment variables, credentials, or config paths are requested—proportional to the simple purpose of reading tldr pages.
- Persistence & Privilege
- okThe skill is not forced-always, requests no persistent privileges, and does not modify other skills or system-wide settings.