Skillv2.2.0

ClawScan security

Agora Court Review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 16, 2026, 4:31 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: An instruction-only governance review skill that is internally consistent: it defines distinct reviewer roles and output format and requests no credentials, installs, or system access.
Guidance: This skill is structurally simple and coherent. Before installing, confirm you are not granting the agent other connectors (APIs, cloud credentials, filesystem access) that would let it send or fetch proposal contents outside your environment. Also verify the agent's actual runtime will enforce the documented guardrails (separate voice outputs, explicit ownership/conditions) and that a human remains in the loop for final decisions if required by your governance. If you plan to attach external data sources, re-check proportionality of any added credentials.

Purpose & Capability: okThe name/description (court review, separated governance roles) matches the SKILL.md content: it provides role definitions and an output artifact. Nothing requested contradicts the stated purpose.
Instruction Scope: okThe SKILL.md only instructs the agent to produce structured review content using five roles and specifies guardrails and completion criteria. It does not instruct reading files, environment variables, or contacting external endpoints.
Install Mechanism: okNo install spec and no code files are present. This is the lowest-risk form: nothing is written to disk or installed.
Credentials: okNo environment variables, credentials, or config paths are required. The skill does not request access to external services or secrets.
Persistence & Privilege: okNo special persistence or elevated privileges requested (always is false). Autonomous invocation is allowed by platform default but the skill itself does not request persistent presence or system modifications.