Skill v0.1.0

ClawScan security

Structured Dev · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 4:14 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (a multi‑phase, review‑then‑implement development workflow) matches what it requests and does: it reads the project, writes .dev/ artifacts, and includes small helper scripts — no unrelated credentials, network endpoints, or surprising installs are present.
Guidance
This skill appears internally consistent and contains only local file operations and two small helper scripts. Before installing or invoking it:
(1) understand the skill will read the entire project tree to produce .dev/research.md and plan.md;
(2) it will write files into a .dev/ directory and, if you instruct it to implement, may modify project source — keep backups or use a branch;
(3) there's no external network exfiltration or credential requests in the package, but be cautious when granting any agent authority to 'spawn' autonomous coding agents that can commit changes;
(4) if you want extra safety, run the skill in a sandboxed clone of your repo or disable autonomous agent execution until you've reviewed plan.md and confirmed tasks manually.

Review Dimensions

Purpose & Capability
ok · Name and description describe a structured development workflow. The skill only requests local file I/O (create/read .dev/* and read project files) and provides helper scripts to initialize and parse plan.md — these are coherent with the stated goal.
Instruction Scope
note · SKILL.md instructs the agent to deeply read project source, create and update .dev/research.md and .dev/plan.md, process in-place annotations, and (with user consent) spawn a coding agent to modify code. Reading/writing repository files is expected for this purpose, but users should note the agent will be instructed to examine the entire project tree and make edits when asked.
Install Mechanism
ok · No install spec; the skill is instruction-first and ships two small Python helper scripts. No network downloads, package installs, or archive extraction are present.
Credentials
ok · The skill declares no environment variables, credentials, or config paths. Its runtime instructions access only repository files and .dev/ artifacts, which align with its function.
Persistence & Privilege
note · always:false (no forced inclusion). The skill relies on persistent files (.dev/plan.md) as shared mutable state — an intended design choice. Agent autonomous invocation is allowed by platform default; this is normal but means the agent could perform multi-step edits if the user approves.