Skill v1.0.0
ClawScan security
Dynamic Model Selector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 10, 2026, 4:46 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's goal (selecting Copilot models) is plausible, but there are inconsistencies: a local Python script is present though no runtime is declared, and the referenced model names and availability claims don't clearly match GitHub Copilot. You should inspect the code and verify runtime and model mappings before use.
- Guidance: This skill is plausible but has small inconsistencies you should resolve before trusting it. Steps to take before installing or running:
  - Open and read scripts/classify_task.py to confirm what it does: check for network calls, subprocess execution, or attempts to read files/credentials. If you are not comfortable inspecting it yourself, run it in an isolated sandbox.
  - Ensure you have the required runtime (likely Python). The SKILL.md should state how to run the script (python version, CLI args). Ask the author to add explicit run instructions.
  - Verify the models referenced in references/models.md actually map to models available in your environment (GitHub Copilot); the examples include names from multiple providers, which may be inaccurate for Copilot-only routing.
  - Confirm there are no hidden data exfiltration behaviors (outbound network, telemetry) in the script before giving it access to real queries.
  - Because the source and homepage are unknown, treat this as untrusted code until you inspect it or obtain provenance from the publisher.
Review Dimensions
- Purpose & Capability (concern): The skill claims to pick the best model 'available in GitHub Copilot' but its examples list model names spanning multiple vendors (gpt-4o, claude-3.5-sonnet, grok-code-fast-1). That may be accurate only if the skill is multi-provider, but the description and metadata emphasize GitHub Copilot specifically, so the mapping between claimed purpose and the actual model inventory is unclear.
- Instruction Scope (note): SKILL.md instructs the agent to 'run the classification script' but gives no runtime instructions (no declared Python requirement, no CLI invocation, no input/output contract). The instructions otherwise stay on-topic and do not request unrelated files or credentials.
- Install Mechanism (note): There is no install spec (lowest install risk) but a bundled script (scripts/classify_task.py) exists. The skill does not declare required binaries, yet the script implies a Python runtime; this mismatch should be resolved so users know how to run it.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths, which is proportional for a local classification helper. There are no declared secrets or broad credential requirements.
- Persistence & Privilege (ok): No elevated privileges are requested: always is not set, model invocation settings are default, and the skill does not ask for permanent presence or special platform hooks.
