Skill v1.0.0
ClawScan security
Use when user input is vague, underspecified, lacks boundaries or acceptance criteria, or would benefit from being reframed into a more executable prompt before work begins. Also use when user explicitly asks to optimize/refine/improve a prompt. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 9, 2026, 8:01 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only prompt-refinement helper whose declared behavior, inputs, and outputs are consistent with its stated purpose and it does not request unrelated credentials, binaries, or installs.
- Guidance: This skill appears coherent and low-risk, but check three implementation details before installing: (1) Confirm the session-learner implementation truly stores only compact preference signals (e.g., "prefers popup"), never full prompt contents or originals. (2) Verify the AskUserQuestion popup and any UI flow do not send refined/original prompts to third-party endpoints or logs accessible by others. (3) Decide whether you want autonomous invocations allowed for this skill (default is allowed); if you prefer manual control, disable autonomous use or require explicit confirmation. If these items are satisfied, the skill is appropriate for refining user prompts.
Review Dimensions
- Purpose & Capability (ok): The name/description match the runtime instructions: refine vague prompts, offer confirmation, and optionally emit a compact preference signal. The skill does not request unrelated environment variables, binaries, or install steps — nothing appears excessive for a prompt-refiner.
- Instruction Scope (note): SKILL.md confines actions to extracting the user's original prompt and session context, producing a refined prompt, asking the user to confirm, and emitting a short learning signal for a separate session-learner. This is appropriate for the purpose, but it relies on platform integrations (AskUserQuestion popup and session-learner) that are not declared in the metadata. The instructions explicitly forbid recording full prompt text, which is good practice; verify that implementations follow that rule.
- Install Mechanism (ok): No install spec and no code files — instruction-only skills have the lowest install risk because nothing is downloaded or written to disk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. No hidden requests for secrets are present in the instructions or reference material.
- Persistence & Privilege (note): always:false and normal autonomous invocation are appropriate. The only persistence hint is the interaction with a session-learner that accumulates preference patterns; this raises privacy/retention considerations (see guidance) but does not itself indicate privilege escalation or incoherence.
