Skill v1.0.0

ClawScan security

Ucts Investigate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 27, 2026, 7:51 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only methodology skill for root-cause debugging. It asks for no credentials or installs, and its instructions are consistent with its stated purpose.
Guidance
This skill is a methodology guide and appears safe to install: it asks you (the user) for reproduction steps and environment details rather than accessing system secrets. Watch for any later prompts that ask to run code or open a code-execution session (the SKILL.md mentions spawning a 'Claude Code' session) — if you allow the agent to run tests or execute code, review what tools and permissions it requests at that time before granting them.

Review Dimensions

Purpose & Capability
ok
Name and description advertise a debugging methodology and the skill contains only prose guiding an investigation; it requests no binaries, env vars, or installs — everything requested matches the stated purpose.
Instruction Scope
ok
SKILL.md confines the agent to eliciting reproduction steps, forming hypotheses, tracing, and designing tests. It does not instruct the agent to read arbitrary system files, exfiltrate data, or call external endpoints. The only operational instruction references spawning a separate 'Claude Code' session if code must be read or run, which is a clear, limited boundary.
Install Mechanism
ok
No install spec and no code files are present, so nothing is written to disk and there is no risky installation behavior.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The troubleshooting prompts ask the agent to request environment details from the user (OS, versions, error text), which is appropriate for debugging and does not imply automatic access to secrets.
Persistence & Privilege
ok
'always' is false and the skill is user-invocable; it does not request persistent presence or any elevated platform privileges.