Skill v1.0.0
ClawScan security
Agent Core Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 11:38 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests, files, and runtime instructions match its stated purpose (exporting agent-core files from local repos into a zip); it operates on local filesystem paths and does not request credentials or perform network exfiltration.
- Guidance: This skill appears coherent and local-only, but be mindful before running it: point --base-dir at repositories you control, and run with a specific --repos list to avoid copying unexpected files. The exporter will copy config and prompt files from those repos — if those files contain secrets or provider keys, they will be included in the generated zip. Verify the zip contents before sharing, ensure the zip binary is installed, and run the script in a controlled environment (or on a copy of your repos) if you have sensitive data in your project trees.
Review Dimensions
- Purpose & Capability (ok): The name/description, SKILL.md, README, and the included script all align: they detect repository framework signatures and copy a small set of source files into a staging directory and zip it. No unrelated credentials, binaries, or services are requested.
- Instruction Scope (note): The runtime instructions are limited to running the bundled shell script which reads repositories under a configurable base directory (default ~/Documents/GitHub). This is in-scope for extracting agent-core files, but note the script will read arbitrary files within those repos (including any config files present) and will fail/exit if a specified repo is missing or unsupported.
- Install Mechanism (ok): No install spec is provided; this is an instruction-only skill with a bundled shell script. The script requires the zip binary (checked at runtime). No downloads or archive extraction from external URLs occur.
- Credentials (ok): The skill declares no required environment variables or credentials. The script uses HOME and PWD via shell expansion (normal) and accepts a --base-dir flag; there is no request for unrelated secrets or external tokens.
- Persistence & Privilege (ok): The skill is not always-enabled, does not modify other skills, and does not request elevated persistence. It performs filesystem reads and writes within the user-specified output directory only.
