Skillv1.0.0

ClawScan security

backend-architect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 1:55 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: Instruction-only skill whose requirements and runtime instructions match its stated purpose (backend architecture guidance); it requests no credentials, installs nothing, and its instructions do not ask for unrelated system access.
Guidance: This skill appears coherent and low-risk: it only provides architectural guidance and requests no installs or credentials. Before relying on generated designs or copy-paste code in production, review outputs for security, correctness, and compliance; never paste real credentials or private data into prompts; if you expect the skill to produce diagrams in a particular format (Mermaid, PlantUML, images), specify that requirement so you can validate any downstream tooling it uses.

Purpose & Capability: okName and description (backend architect) align with the SKILL.md content. The skill does not request unrelated binaries, environment variables, or config paths — nothing present is out of scope for an architecture/advisory role.
Instruction Scope: okSKILL.md contains only guidance for design, API specs, code examples, and testing strategies. It does not instruct the agent to read local files, export secrets, call external endpoints, or perform side-effecting system operations.
Install Mechanism: okNo install spec is provided (instruction-only). This is the lowest-risk form and consistent with a purely advisory skill.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential request relative to the described functionality.
Persistence & Privilege: okalways is false (default). The skill can be invoked autonomously by the agent (normal platform default) but it does not request persistent system-level privileges or modify other skill configs.