Skillv1.0.0

ClawScan security

ce1111 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 11, 2026, 4:29 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only/profile-style skill (a list of capabilities and tools) and its declared requirements and instructions are consistent with that purpose.
Guidance: This skill appears to be a static description of capabilities (like a resume) and poses minimal risk: it does not request credentials, binaries, or perform installs. It may be of limited practical use unless extended with integration code or explicit procedures. If you expect it to interact with external services or your files, require those behaviors to be documented and justified before enabling them. As always, prefer skills from known sources and monitor for future updates that add installs, env vars, or network calls.

Purpose & Capability: okThe name/description describe project-management and documentation skills; the SKILL.md content is a matching list of capabilities, tools, and languages. There are no unrelated requirements (no credentials, binaries, or config paths).
Instruction Scope: okSKILL.md contains only descriptive bullet points about skills, tools, and languages and does not instruct the agent to read files, access environment variables, call external endpoints, or perform actions outside the stated purpose.
Install Mechanism: okNo install spec and no code files are present, so nothing will be written to disk or downloaded during installation.
Credentials: okThe skill requests no environment variables or credentials; this is proportionate for a resume/instruction-only skill.
Persistence & Privilege: okalways is false and there is no indication the skill requests persistent system-wide privileges or modifies other skills. Default autonomous invocation is allowed by platform but presents minimal risk here because the skill contains only static descriptive text.