Back to skill
Skillv1.0.0
ClawScan security
PLS Copy Editing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 22, 2026, 11:54 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- This is an instruction-only copy-editing skill whose requirements and footprint match its stated purpose, but the SKILL.md is an unfinished template and is vague about runtime behavior — review before use.
- Guidance
- This skill appears coherent with its purpose but the SKILL.md is an unfinished template. Before installing or enabling it for automatic use, ask the publisher for a completed SKILL.md that clearly states: what the skill will read (only user-supplied text?), whether it will call external services or run scripts, and any resource directories it needs. If you plan to submit sensitive documents for editing, verify privacy/retention policies. If scripts or assets are later added to the package, re-review their install/run behavior (scripts can be executed by the agent). If you are not comfortable with the agent having broad discretion, only enable the skill for explicit, user-invoked sessions and avoid granting any environment credentials or files to it.
Review Dimensions
- Purpose & Capability
- okName and description (copy editing) align with the declared footprint: no binaries, no env vars, no installs, and no code files are required for a text-editing helper.
- Instruction Scope
- noteThe SKILL.md is a generic, largely-unfilled template with TODOs rather than concrete runtime instructions. It does not tell the agent to access unrelated files, credentials, or external endpoints, but its vagueness grants broad discretion — e.g., it references possible scripts/resources (scripts/, references/, assets/) and notes they could be executed if present. Because those resources are not present now, there is no immediate risk, but the skill should be completed/clarified before relying on it.
- Install Mechanism
- okNo install spec and no code files are present. Instruction-only skills are lowest risk for installation; nothing will be downloaded or written to disk by an installer.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths — proportionate and expected for a copy-editing helper.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request permanent presence or elevated privileges. Autonomous invocation is allowed by platform default but is not combined here with other concerning factors.