Skillv1.0.0

ClawScan security

Hepha · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 30, 2026, 6:34 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and runtime instructions are coherent with its stated purpose (autonomous small-step development loops); it requires no additional installs or secrets, but it will read and write project files and may run browser automation and network research as part of its normal operation.
Guidance: This skill appears to do what it says: automate many small development loops and record progress in .autopilot/. When deciding to enable it, consider: 1) Only activate Hepha when you explicitly request 'hepha/autopilot' — the SKILL.md requires explicit activation. 2) Review and audit the .autopilot files the skill creates (they may include screenshots, logs, and decision notes) so no secrets or PII are accidentally captured. 3) Confirm the agent's git and CI permissions — the skill will commit changes and rely on whatever git credentials or hooks are already present. 4) If you are concerned about browser automation accessing internal systems, restrict the agent's network/tooling permissions or run it in a sandboxed environment. 5) Require human review of final or high-impact changes (especially high-risk tasks) even if the skill is used autonomously. Overall the skill is internally consistent, but operational safeguards (permissions, secret handling, commit review) are recommended.

Review Dimensions

Purpose & Capability: okName/description (autonomous plan->execute->check->review->commit loop) matches the SKILL.md, templates, and references. There are no unexpected required binaries, env vars, or install steps that are unrelated to implementing iterative development workflows.
Instruction Scope: noteInstructions explicitly direct the agent to read and update project files under a .autopilot directory, run project checks (lint/tests/build), perform browser-based validation (MCP/Playwright), and research live web/GitHub evidence. This behavior is consistent with the purpose, but it means the agent will access network resources and create artifacts (screenshots, logs) in the repository — review access policies and avoid exposing secrets in those artifacts.
Install Mechanism: okNo install spec or code is provided (instruction-only skill). Nothing will be downloaded or extracted by the skill package itself, minimizing supply-chain risk.
Credentials: okThe skill declares no required environment variables or credentials. That said, normal operation (commits, running tests, browser automation) will use the agent's existing git/environment/tooling permissions — there are no additional or unexpected credential requests in the skill materials.
Persistence & Privilege: okalways:false and user-invocable; the skill will create and maintain files only under the project's .autopilot/ directory and update the repo via commits per its protocol. It does not request system-wide changes or to modify other skills.