Back to skill
Skillv1.0.0
ClawScan security
skill-coach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 2, 2026, 8:14 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only coaching assistant for designing OpenClaw Skills; its declared requirements and runtime instructions are consistent with that purpose and request no unusual access.
- Guidance
- This is a low-risk, instruction-only coaching skill that helps you draft SKILL.md and related files. Before installing or using it: (1) review any SKILL.md drafts it generates before publishing or sharing them; (2) avoid pasting secrets or real credentials into prompts when designing a Skill; and (3) if you don't want the skill invoked autonomously, disable model invocation or only invoke it manually.
Review Dimensions
- Purpose & Capability
- okName/description (Skill Creation Coach) match the SKILL.md content. The skill is instruction-only and requests no binaries, env vars, or config paths — all proportional to a coaching/authoring assistant.
- Instruction Scope
- okSKILL.md contains step-by-step authoring guidance and confirmation templates. It does not instruct the agent to read system files, environment variables, or send data to external endpoints; it stays within the stated authoring scope.
- Install Mechanism
- okNo install spec and no code files (instruction-only) — nothing is written to disk or downloaded during install, which is the lowest-risk posture.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There are no other env accesses in the instructions, so requested permissions are minimal and proportional.
- Persistence & Privilege
- okFlags are default (always: false, model invocation allowed). The skill does not request permanent presence or request modifying other skills or system settings.