Skillv1.0.0

ClawScan security

Prompt Library Curator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 11, 2026, 9:34 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: it is an instruction-only prompt library that only uses the included CSV/JSON/MD references and does not request credentials, binaries, or external installs.
Guidance: This skill appears coherent and low-risk: it only bundles prompt templates and instructions to export them. Before installing, note that the source/homepage is unknown (check provenance if that matters). Also avoid pasting sensitive data into prompt placeholders ({product}, {report}, {text}, etc.), since prompts may be stored or used by the agent. If you need provenance or licensing guarantees, ask the publisher for a homepage or license information.

Purpose & Capability: okName/description (curating multilingual prompt packs and exporting in Markdown/JSON/CSV) matches the provided files (references/prompts.*) and the SKILL.md guidance; nothing requested or included is outside that scope.
Instruction Scope: okRuntime instructions tell the agent to ask about categories/language/level and to generate outputs from the packaged reference files only. There are no instructions to read other system files, call external endpoints, or access unrelated environment variables.
Install Mechanism: okNo install spec or code to download/execute. This is instruction-only with bundled reference files, which is the lowest-risk install model.
Credentials: okThe skill declares no required env vars, credentials, or config paths; that is proportional to a prompt library curator which only needs static prompt templates.
Persistence & Privilege: okalways is false and the skill does not request any persistent system privileges or modify other skills' settings. It is user-invocable and may be called autonomously by default, which is expected for skills.