Skill v1.0.1
ClawScan security
测试审核记录保存2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 23, 2026, 7:59 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only code-review checklist; its required pieces and runtime instructions match the stated purpose and request no extra privileges or credentials.
- Guidance: This skill appears coherent and low-risk: it is an instruction-only code-review checklist that asks nothing extra. Before using, remember: 1) the AI needs you to provide the code or diff to review — do not paste secrets or credentials into prompts; 2) if you later integrate this skill with a repository or CI (which would require tokens/credentials), re-evaluate the credential scope before granting access; and 3) as with any automated review, validate important findings manually.
Review Dimensions
- Purpose & Capability (ok): Name and description state 'code review' and the SKILL.md provides a focused review checklist, severity levels, and an output template. No unrelated binaries, env vars, or config paths are requested.
- Instruction Scope (ok): The instructions are purely a review checklist and an output format; they do not instruct the agent to read system files, access environment variables, call external endpoints, or perform actions outside producing a review. It implicitly expects the user to provide code or a diff.
- Install Mechanism (ok): No install spec and no code files — instruction-only skill. This is the lowest-risk install model (nothing is written to disk or downloaded).
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or external service access.
- Persistence & Privilege (ok): Flags show always:false and normal user-invocable behavior. The skill does not request persistent system presence or to modify other skills/configuration.
