Back to skill
Skillv1.0.0
ClawScan security
Skill Sharpener · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 2:34 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill's declared purpose (auditing and suggesting fixes for other skills) matches its files and instructions: it performs local static checks, includes a harmless analysis script, requests no credentials, and does not attempt network or unexpected system access.
- Guidance
- This skill appears coherent and low-risk: it performs local static checks and includes a benign Python analyzer (scripts/audit_skill.py). Before running or asking it to apply fixes, verify the target directory you supply is correct and not a system or sensitive path, and confirm backups are made (the SKILL.md recommends this). If you will allow automatic modifications, consider first running the script in read-only mode (python scripts/audit_skill.py <path>) and manually review the suggested edits. If you have highly sensitive files, inspect scripts/audit_skill.py yourself to satisfy policy requirements before use.
Review Dimensions
- Purpose & Capability
- okName, description, SKILL.md, README, references, and scripts all align: the package is an auditor that reads SKILL.md, reference files, and scripts/ to produce a report. No unrelated binaries, credentials, or external services are requested.
- Instruction Scope
- noteSKILL.md explicitly instructs the agent to read files in the target skill directory (SKILL.md, references, scripts/) and to offer applying fixes (with backup). Reading and modifying user-provided skill directories is expected for this tool, but users should be aware it can modify files if they ask it to apply fixes.
- Install Mechanism
- okThere is no install spec; this is an instruction-only skill with a bundled analysis script. The included script is local and does not download or execute code from external URLs.
- Credentials
- okThe skill requests no environment variables, no credentials, and no config paths. The analysis script operates on a user-supplied path only, which is proportionate to the auditor's purpose.
- Persistence & Privilege
- okalways:false and the skill does not request persistent platform privileges. It can modify files in the user-specified skill directory (per SKILL.md), which is expected for an automated fixer; SKILL.md advises backing up before modification.