Back to skill
Skillv1.0.0
ClawScan security
Truncated Output · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 6:25 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that gives guidance for detecting and recovering from truncated model replies; it requests no credentials, binaries, or installs and its instructions are consistent with its stated purpose.
- Guidance
- This skill is safe and coherent: it only tells the agent how to detect and handle truncated replies. Before relying on it, confirm your agent/runtime exposes the model/provider finish_reason metadata and that you understand any cost implications of increasing max_tokens. If you don't want the agent to change generation parameters automatically, restrict its permissions or require user confirmation before regenerating responses with a larger token budget.
Review Dimensions
- Purpose & Capability
- okThe name/description match the SKILL.md content. The skill is instruction-only and does not request unrelated resources (no env vars, binaries, or install steps), so its declared requirements are proportionate to its stated purpose.
- Instruction Scope
- okRuntime instructions are narrowly focused: detect unmatched code fences or provider finish_reason indicating length limits, advise regenerating with higher max_tokens or trimming context, and suggest breaking tasks into smaller turns. They do not instruct reading unrelated files, exfiltrating data, or contacting external endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only surface, which minimizes risk and is appropriate for the described behavior.
- Credentials
- okThe skill requires no environment variables or credentials. It does reference provider metadata (finish_reason), which is directly relevant to detecting truncation and is proportionate.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request persistent presence or system-wide configuration changes. Autonomous invocation is allowed by default but the skill's scope is limited and does not expand privileges.