Back to skill
Skillv1.0.2
ClawScan security
Implementation Plan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 5:28 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only planning skill that asks clarifying questions and outputs implementation plans; it requires no installs, credentials, or file access and is internally consistent with its stated purpose.
- Guidance
- This skill appears coherent and low-risk: it only produces plans and small example snippets. Still, don't paste sensitive credentials or private source code into prompts, and review any generated code for security, licensing, and correctness before using it in production.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description match its instructions: it generates implementation plans, templates, and code snippets. It does not request unrelated binaries, credentials, or config paths.
- Instruction Scope
- okSKILL.md limits runtime behavior to asking clarification questions and producing plan templates and short code snippets. It does not instruct the agent to read system files, environment variables, or transmit data to external endpoints.
- Install Mechanism
- okNo install spec or code files are present; this is an instruction-only skill so nothing is written to disk or downloaded during install.
- Credentials
- okNo environment variables, credentials, or configuration paths are required or referenced. The declared requirements are minimal and proportionate to a planning task.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request persistent/system-wide privileges or modifications to other skills or agent settings.