Back to skill
Skillv1.0.0
ClawScan security
Awesome Claude Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 10:38 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only library of Claude skill templates that requests no credentials or installs; coherent with its description, but it references a local clone of a GitHub repo and uses vague instructions about copying patterns — verify that repository/content is trusted before use.
- Guidance
- This skill looks internally consistent and low-risk because it's just templates and asks for nothing. Before installing, confirm the referenced GitHub repository (https://github.com/ComposioHQ/awesome-claude-skills) and the local clone path are trustworthy: review the repo contents for any scripts or sensitive data, confirm who maintains it, and ensure you permit the agent to read only the directories you expect. Remember the SKILL.md's statement that it won't execute external scripts is not technically enforced — the agent could still read files in that repo, so validate the repo before granting access.
Review Dimensions
- Purpose & Capability
- okThe name/description (a collection of skill templates) aligns with the SKILL.md: it is a templates library and does not request credentials, binaries, or installs. Nothing required is disproportionate to providing templates.
- Instruction Scope
- noteSKILL.md references an installed source and a local clone path (workspace/skills_external/ComposioHQ_awesome-claude-skills) and states the agent will 'copy/translate patterns' but gives no concrete commands. That is functionally consistent with a template library, but the instructions are vague about what files will be read or copied and give the agent broad discretion to access repository files. The file also asserts it will not execute external scripts; this is a policy statement the agent may follow but is not enforceable by the skill file itself.
- Install Mechanism
- okNo install specification and no code files are present (instruction-only). This is low-risk: nothing will be downloaded or written by the skill itself.
- Credentials
- okNo environment variables, credentials, or config paths are requested. That matches the skill's purpose and is minimal.
- Persistence & Privilege
- okalways is false and autonomous invocation is allowed (platform default). The skill does not request permanent presence or modify other skills. No elevated privileges requested.