Back to skill
Skillv1.0.0
ClawScan security
Fabricated Symbols · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 6:14 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper that stays within its stated purpose (detecting and avoiding fabricated symbols in code) and doesn't request extra permissions, installs, or credentials.
- Guidance
- This is a low-risk, advisory skill: it only provides instructions about checking APIs, grepping the codebase, and running type-checkers. Before using it, confirm that the agent is allowed to read your repository and run build/type-check tools (the skill's guidance assumes that capability). Also review any automated code changes the agent proposes, since the instructions can lead the agent to add or modify project code — which is expected behavior but should be reviewed by you.
Review Dimensions
- Purpose & Capability
- okName/description match the instructions: guidance about invented methods and symbols in code. No unrelated env vars, binaries, or installs are requested.
- Instruction Scope
- okSKILL.md tells the agent to check library docs/type definitions, grep the codebase, add missing helpers, and run a type-checker — all actions are directly related to preventing fabricated symbols. These steps imply reading the repository and optionally running local tooling, which is appropriate for the stated goal.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be written to disk by the skill itself.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. It does not request access to unrelated services or secrets.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request persistent presence or modify other skills or system-wide settings.