Skillv1.0.0

ClawScan security

angular-architect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 11:44 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only Angular architect role-play that asks for project context and gives high-level guidance; its requests and scope are consistent with its stated purpose.
Guidance: This skill is coherent for an Angular architecture assistant and does not request credentials or install code. However, the instructions are broad and imply the agent may propose or make code changes; before installing or granting repo/CI access, decide whether you will (a) allow the agent to make changes automatically or only produce suggestions/PRs, and (b) review any generated code, CI or deployment changes manually. If you are concerned about autonomous actions, restrict the agent's permissions (no direct repo/CI pushes, require PRs) and monitor any changes the skill suggests. If you need tighter assurance, ask the skill author to limit the SKILL.md to read-only analysis and explicit, auditable change steps.
Findings: [no_regex_findings] expected: The scanner found no code to analyze because this is an instruction-only SKILL.md; this is expected and not itself evidence of safety.

Purpose & Capability: okName/description (Angular enterprise architect) match the SKILL.md content: advanced Angular patterns, RxJS, NgRx, micro-frontends and performance. The skill requests no binaries, env vars, or installs that would be unrelated to this purpose.
Instruction Scope: noteInstructions are high-level and cover architecture, implementation, testing and optimization. They direct the agent to 'query context manager' and to 'review application structure' — appropriate for a coding assistant — but are somewhat open-ended (e.g., 'Implement robust Angular solutions', 'Create modules', 'Build...') which gives the agent broad discretion about producing or modifying code. This is expected for a developer assistant but means you should review any code changes or commands the agent proposes or runs.
Install Mechanism: okNo install spec and no code files — instruction-only skill. There is nothing written to disk or downloaded as part of the skill itself.
Credentials: okThe skill declares no required environment variables or credentials. SKILL.md does not reference any secrets, unrelated services, or config paths, so there is no disproportionate credential request.
Persistence & Privilege: okalways is false and the skill does not request permanent presence or attempt to modify other skills or system settings. Autonomous invocation is allowed by default but that is normal; nothing in the skill itself elevates privilege.