Back to skill
Skillv1.0.0
ClawScan security
Random Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 5:16 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is a tiny, instruction-only joke teller that only echoes static jokes via Bash; its requirements and instructions are consistent with its stated purpose.
- Guidance
- This skill appears safe and does exactly what it says: print a couple of programming jokes. It requires no credentials and has no install steps. If you enable it, be aware the skill is permissioned to run Bash when invoked (the instructions themselves only use echo), so only install if you trust simple shell-based joke behavior and understand it provides trivial, non-sensitive output.
Review Dimensions
- Purpose & Capability
- okName/description (programming jokes) match the contents of SKILL.md — there are no unexpected required env vars, binaries, or config paths.
- Instruction Scope
- okSKILL.md instructs only simple echo commands that print jokes; it does not read files, access environment variables, call external endpoints, or request broader system data. Note: the header allows use of Bash, but the documented actions are just echoing static text.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or fetched from external URLs.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths; this is proportional to its trivial functionality.
- Persistence & Privilege
- okalways is false and the skill does not request persistent presence or modify other skills or system settings.