Back to skill
Skillv1.0.0
ClawScan security
guess-number · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMay 1, 2026, 7:40 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5.5
- Summary
- This skill appears to be a simple local number-guessing game with limited, disclosed file use and no evidence of suspicious behavior.
- Guidance
- This skill is low risk based on the provided artifacts. It stores a temporary secret number and step count locally for gameplay, so users should be aware that an in-progress game creates small local files in the skill’s script directory.
Review Dimensions
- Purpose & Capability
- okThe SKILL.md and Python script consistently implement a four-digit guessing game with matching generate and verify workflows.
- Instruction Scope
- okInstructions are limited to starting a game and verifying guesses; there are no prompts to override user intent, access unrelated data, or perform unrelated actions.
- Install Mechanism
- okThere is no install spec, no dependencies, no required binaries, and no environment variables or credentials requested.
- Credentials
- okThe script only reads and writes small game-state files in its own script directory, which is proportionate to maintaining a game between guesses.
- Persistence & Privilege
- okTemporary persistence through secret.txt and step.txt is disclosed, scoped to game state, and deleted when the game ends or is interrupted.