Skill v1.0.1

ClawScan security

Context Engineering For Projects · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 1:33 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions align with its stated purpose: it inspects a local code directory and scaffolds a project-context tree under a target root (default ~/clawDir/team); it does not request credentials, spawn network calls, or perform unexpected actions.
Guidance
This skill appears to do what it says: it inspects a local code directory (top-level files/folders) and scaffolds a project-context tree under a target root (default ~/clawDir/team). It does not access the network or request secrets. Before running, verify that the --code-dir you pass points to the intended project (avoid pointing to sensitive/system directories) and choose or review the --target-root so you know where files will be created. You can review the included scripts/init_context_project.py (straightforward, idempotent) or run it first in a temporary directory to confirm behavior. If you do not want the agent to modify your filesystem autonomously, avoid enabling autonomous invocation or run the script manually.

Review Dimensions

Purpose & Capability
ok: Name/description claim to scaffold project context directories; the provided Python script and SKILL.md both implement exactly that behavior (inferring modules from a code directory and creating docs). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md instructs the agent to read the target code directory's top-level files/dirs and to run the bundled script to create context files. This matches the script, which lists top-level entries in code_dir and writes template files under the chosen target root. Note: the skill will read the specified code_dir (top-level entries) and will create files under the target_root; this is expected but worth explicit user confirmation before running.
Install Mechanism
ok: Instruction-only skill with no install spec; the included script is a plain Python file. No downloads or package installs are performed by the skill itself.
Credentials
ok: No environment variables, credentials, or config paths are required. The script uses Path.home() only to compute a default target root; that is proportional to the stated behavior.
Persistence & Privilege
note: The script creates files under the specified target_root (default ~/clawDir/team) and appends an index entry. always is false. Creating files is expected for a scaffolding tool, but the user should be aware the skill will write to their filesystem and confirm the target path.