Skill v1.0.0

ClawScan security

Repo Discovery Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 3:48 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions, requirements, and behavior are internally consistent with an audit tool: it only asks the agent to inspect repository files and tie findings to evidence, and it requests no credentials or installs.
Guidance
This skill appears coherent and safe in isolation: it only guides the assistant to read repository files and produce an evidence-backed audit. Before using it, be aware that the agent will access any repository content you provide—do not run it on repos containing secrets or private data you don't want inspected. Because it's instruction-only, review the SKILL.md text yourself and ensure the agent's file access scope is limited to the repo you intend to audit. If you need stricter control, run the audit in an isolated environment or with a copy of the repo that has secrets redacted.

Review Dimensions

Purpose & Capability
ok · Name/description match the SKILL.md: the skill is an instruction-only repo auditor and its guidance focuses on reading high-signal files, mapping architecture, surfacing risks, and producing handoff notes. It does not ask for unrelated resources or credentials.
Instruction Scope
ok · Runtime instructions tell the agent to inspect repo files, identify frameworks, flows, maturity, and risks, and tie claims to evidence. This is appropriate for the stated purpose. There are no instructions to read unrelated system files, environment variables, or to transmit results to external endpoints.
Install Mechanism
ok · No install spec or code is included (instruction-only). README suggests copying the folder into a local skills directory, which is a benign local installation step. Nothing is downloaded or executed.
Credentials
ok · The skill declares no required environment variables, credentials, or config paths. The requested access (reading repository files) is proportional to the audit purpose.
Persistence & Privilege
ok · always:false and user-invocable:true. Model invocation is allowed (default), which is expected for a skill that the agent will run. The skill does not request persistent system or cross-skill configuration changes.