Skill v1.0.4
ClawScan security
Fact Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 28, 2026, 4:42 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and required artifacts are coherent with its stated purpose of local fact-checking against the project's FINDINGS.md, score files, memory logs, git history, and a localhost status API.
- Guidance: This skill appears to do what it claims: it reads files under projects/hybrid-control-plane (FINDINGS.md, data/scores/*.json, CHANGELOG.md) and memory/*.md, runs git log in that project, and queries a local service at http://localhost:8765/status. Before installing or using it:
  1. Confirm you trust the local /status service and the project files it will read; they may contain sensitive data.
  2. Review the bundled scripts yourself (they are included). The code is readable and only performs local reads, a git log, and a localhost HTTP GET.
  3. Be aware the script imports the third-party requests library, which must already be installed in the interpreter that runs it, and carries a user-specific shebang path in the file header (non-portable but not harmful).
  4. Run the script on non-sensitive drafts or in an isolated environment if you are unsure.
  Minor notes: the SKILL.md version (1.0.3) differs from the registry version (1.0.4), and the script's shebang points to a local /Users/loki pyenv path. These are portability and information-hygiene issues, not security blockers.
Review Dimensions
- Purpose & Capability: ok
  The SKILL.md and scripts both state that verification comes from FINDINGS.md, local score JSON files, memory/*.md, git history under projects/hybrid-control-plane, and a localhost /status API. The code reads exactly those paths and calls http://localhost:8765/status and git log; these requirements match the stated purpose.
- Instruction Scope: ok
  Runtime instructions are narrow: run the bundled Python script on a draft file, parse its output, summarize contradictions, and suggest corrections. The script only reads local workspace files, score JSONs, and memory logs, and runs a local git command. It does not attempt to read unrelated system config or request external endpoints.
- Install Mechanism: ok
  There is no install spec (instruction-only skill plus bundled scripts). The SKILL.md lists python3 as a required binary, which is appropriate. Nothing is downloaded from the network or installed to disk by the skill itself.
- Credentials: ok
  The skill does not request environment variables or external credentials. It reads local project files and a localhost API, which is proportionate to fact-checking claims against local test/run data. Note: those local files and memory logs may contain sensitive project information; access is justified for the skill's purpose but should be considered by the user.
- Persistence & Privilege: ok
  The skill does not request always:true or any elevated persistence. It runs as needed and uses subprocess exec (git) and a local HTTP request; these are normal for this function.
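Guidance step (2) asks the user to review the bundled script, and the Instruction Scope and Credentials dimensions above describe what that review should confirm: no network host other than localhost, no subprocess other than git, no environment-variable reads. The following is an added example of how to do that check mechanically, not ClawHub's scanner code and not the Fact Checker skill's own script. It walks a Python script's AST and reports URL hosts, subprocess commands, environment reads and imports, then compares them with an allowlist derived from the scanner's summary. The script it audits is a constructed stand-in that mimics the declared behaviour; the real bundled script is not reproduced here, and the allowlist values are assumptions taken from this page.

```python
"""Static review of a bundled skill script against its declared behaviour.

Added example, not ClawHub's or the Fact Checker skill's code. SAMPLE_SCRIPT is
a constructed stand-in resembling the declared behaviour (local reads, `git log`,
GET to http://localhost:8765/status); the real bundled script is not reproduced.
"""
import ast
import re
from urllib.parse import urlsplit

# Constructed stand-in for the bundled script (not the skill's actual source).
SAMPLE_SCRIPT = '''
import json, subprocess, os
import requests
from pathlib import Path

ROOT = Path("projects/hybrid-control-plane")
findings = (ROOT / "FINDINGS.md").read_text()
scores = [json.loads(p.read_text()) for p in (ROOT / "data/scores").glob("*.json")]
log = subprocess.run(["git", "-C", str(ROOT), "log", "--oneline", "-n", "50"],
                     capture_output=True, text=True).stdout
status = requests.get("http://localhost:8765/status", timeout=5).json()
'''

# Allowlist assumed from what the scanner summary says SKILL.md declares.
DECLARED_HOSTS = {"localhost", "127.0.0.1"}
DECLARED_SUBPROCESS = {"git"}

URL_RE = re.compile(r"https?://[^\s'\"]+")


def _dotted(node) -> str:
    """Render an `a.b.c` attribute chain as a string; empty for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def audit_script(source: str) -> dict:
    """Collect hosts, subprocess commands, env reads and imports from `source`
    and list every item that falls outside the declared surface."""
    tree = ast.parse(source)
    found = {"hosts": set(), "subprocess": set(), "env_reads": 0,
             "imports": set(), "findings": []}
    for node in ast.walk(tree):
        # Any string literal containing a URL: record its host.
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                found["hosts"].add(urlsplit(url).hostname or "")
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            mod = node.module if isinstance(node, ast.ImportFrom) else None
            for alias in node.names:
                found["imports"].add((mod or alias.name).split(".")[0])
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            # subprocess.run/Popen/check_output/call: first arg is argv or a string
            if name.startswith("subprocess.") and node.args:
                first = node.args[0]
                if isinstance(first, ast.List) and first.elts:
                    first = first.elts[0]
                if isinstance(first, ast.Constant):
                    found["subprocess"].add(str(first.value))
                else:
                    found["findings"].append("subprocess command is not a literal")
            # os.getenv / os.environ.get: possible credential or config reads
            if name in ("os.getenv", "os.environ.get"):
                found["env_reads"] += 1
        elif isinstance(node, ast.Subscript) and _dotted(node.value) == "os.environ":
            found["env_reads"] += 1
    for host in sorted(found["hosts"] - DECLARED_HOSTS):
        found["findings"].append(f"undeclared network host: {host}")
    for cmd in sorted(found["subprocess"] - DECLARED_SUBPROCESS):
        found["findings"].append(f"undeclared subprocess: {cmd}")
    if found["env_reads"]:
        found["findings"].append(f"{found['env_reads']} environment variable read(s)")
    return found


if __name__ == "__main__":
    report = audit_script(SAMPLE_SCRIPT)
    for key in ("hosts", "subprocess", "imports"):
        print(f"{key}: {sorted(report[key])}")
    print("findings:", report["findings"] or ["none"])
```

Run it against each script in the skill bundle before installing; an empty findings list means nothing outside the declared localhost endpoint, git call and standard-library imports was seen. The check is a review aid, not a sandbox: URLs assembled at runtime, commands read from files, or `exec` of decoded strings will not appear as literals and would show up only as the "subprocess command is not a literal" finding or not at all, which is exactly when guidance step (4), running in an isolated environment, applies.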
