Skill v1.0.2
ClawScan security
submit pr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 7:10 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions match its stated purpose (automating a PR workflow with secret scanning, staging, commit generation and PR creation); there are minor documentation gaps (it assumes git/gh are available/authenticated) but no incoherent or disproportionate requests.
- Guidance
- This skill appears to do what it says: scan changed files for secrets, let you confirm which files to include, create a standardized commit message, push and open a PR. Before using it: (1) ensure git and the GitHub CLI (gh) are installed and you are authenticated (gh auth) — the skill assumes these but does not declare them; (2) review and, if desired, extend the secret-detection regexes (regex scanning can miss some secrets and produce false positives); (3) be aware it will run git push on your current branch — ensure you are not unintentionally pushing sensitive data; (4) confirm your repo branch protection and CI requirements (e.g., required checks or PR templates) so the automated PR creation fits your workflow. If you need the skill to install dependencies or to explicitly request GitHub credentials/scopes, ask the author to declare those in metadata.
Review Dimensions
- Purpose & Capability
- note: The SKILL.md describes exactly the actions expected for a 'submit pr' helper (sensitive-file scanning, staging, commit message generation, git push and gh pr create). One minor inconsistency: the skill uses git and the GitHub CLI (gh) in its allowed-tools and commands, but the registry metadata lists no required binaries — the skill implicitly requires git and gh to be present and authenticated.
- Instruction Scope
- ok: Runtime instructions are narrowly scoped to repository operations: running git commands, scanning changed files for regex patterns, staging user-confirmed files, committing with a formatted message, pushing and creating a PR via gh. The skill instructs the agent to stop on sensitive findings and to wait for user confirmation when appropriate — no broad or unexpected file-system or network exfiltration steps are present.
- Install Mechanism
- note: This is an instruction-only skill with no install spec (lowest install risk). However, it relies on external CLIs (git and gh) being available; the skill does not declare these required binaries in metadata, so callers should ensure those tools are installed separately.
- Credentials
- note: The skill declares no required environment variables or credentials. In practice it will rely on the user's existing git remotes and gh authentication (gh auth) to push and create PRs; those credentials are provided by the user's environment/tooling rather than the skill. This is proportionate but implicit — the skill does not attempt to request or store extra secrets.
- Persistence & Privilege
- ok: The skill does not request persistent presence (always:false) and has disable-model-invocation:true, so it cannot autonomously invoke itself. It does not modify other skills or system-wide settings.
