Back to skill
Skillv1.0.0
ClawScan security
Anti Centralization Probe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 2:56 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill that is internally consistent with its stated purpose and requests no extra privileges, but minor provenance/metadata inconsistencies are present and should be checked before trusting with sensitive inputs.
- Guidance
- This skill appears coherent and low-risk technically (instruction-only, no credentials). Before installing: 1) Verify the author/provenance because registry metadata and embedded metadata differ and there is no homepage; 2) Do not feed secrets, private keys, or raw financial credentials into the skill—only provide redacted or synthetic inputs for testing; 3) Review and validate any recommended governance changes with human experts before applying them; 4) If you rely on this for critical decisions, prefer testing on non-sensitive proposals and compare outputs against other reviewers.
Review Dimensions
- Purpose & Capability
- noteThe skill's name, description, and runtime instructions align: it analyzes proposals for single points of control and proposes decentralization alternatives. However, registry metadata (owner ID and version) differs from the included _meta.json/SKILL.md metadata and there is no homepage or clear source, so provenance is unclear.
- Instruction Scope
- okSKILL.md provides narrowly scoped instructions (map control points, count single points, propose alternatives) and includes safety rules forbidding operational abuse and custody/financial recommendations. It does not instruct reading unrelated files or environment variables.
- Install Mechanism
- okNo install spec and no code files beyond static markdown—nothing is written to disk or fetched at install time. This is the lowest-risk install profile.
- Credentials
- okThe skill requires no environment variables, binaries, or credentials. There is no request for unrelated secrets or config paths.
- Persistence & Privilege
- okThe skill is not always-on and uses normal autonomous invocation settings. It does not request elevated persistence or modifications to other skills or system-wide settings.