Back to skill
Skillv1.0.0
ClawScan security
api-designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 12:49 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only API design assistant whose declared requirements and instructions align with its stated purpose and request no credentials or installs.
- Guidance
- This is an instruction-only API design helper that includes static code examples and does not request credentials or install software—reasonable to use. Before installing or trusting outputs: (1) review generated OpenAPI/SDK code for security issues before deploying, (2) avoid pasting secrets into prompts or examples, and (3) if the skill later requests network access or credentials, treat that as a significant change and re-evaluate.
Review Dimensions
- Purpose & Capability
- okName/description (API design, OpenAPI, GraphQL, etc.) match the provided SKILL.md and examples. The skill does not request unrelated credentials, binaries, or system paths.
- Instruction Scope
- okSKILL.md contains design guidance, best practices, and expected outputs (specs, docs, SDKs). It does not instruct the agent to read system files, access environment variables, or contact external endpoints outside the user’s control.
- Install Mechanism
- okNo install spec and no code executed at install time (instruction-only). No downloads, no archived extracts, and no third-party package installs.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The examples are static code snippets and do not require secrets.
- Persistence & Privilege
- okDefault privileges (not always: true). The skill is user-invocable and may be invoked autonomously by the agent (platform default) but requests no elevated or persistent system privileges.