Back to skill
Skillv1.0.0
ClawScan security
Privacy Policy Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 8:41 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions are consistent with its stated purpose (generating and checking privacy policies); it runs only local shell/Python logic, requests no secrets, and has no install steps or network calls.
- Guidance
- This skill appears to do what it claims: generate privacy-policy text and locally check a policy file. Before running, remember: the script executes locally (bash + python3) and will read any file path you supply to the 'check' command, so do not point it at sensitive system files unless you intend to. There are no network calls or required credentials, but you should still review the included script if you plan to run it in a sensitive environment. If you need remote or legally certified privacy-policy generation, consider using an established legal service instead of a simple local generator.
Review Dimensions
- Purpose & Capability
- okName/description match the included scripts and commands. The script implements generate/check/gdpr/ccpa/update/help functions that align with a privacy-policy generator; required runtimes (bash 4+ and python3) are reasonable and declared.
- Instruction Scope
- okSKILL.md directs the agent to run the bundled shell script. The script only reads files the user specifies (for 'check') and prints generated policy text; it does not attempt to read unrelated system configuration, environment secrets, or transmit data externally.
- Install Mechanism
- okNo install spec (instruction-only). The only code is the included scripts/script.sh which will be executed locally when invoked; there are no downloads, package installs, or external executables fetched.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. It uses only user-supplied arguments and local file reads (as expected for a file-checking tool).
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated privileges, nor does it modify other skills or global agent settings.