Skill v1.0.1
ClawScan security
Edi Parser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 10:19 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description, declared requirements, and instructions are coherent for an EDI X12 parser: it is instruction-only, requests no credentials or installs, and stays within its stated purpose.
- Guidance: This skill is instruction-only and internally consistent. Before using it: (1) test with non-sensitive sample EDI files to confirm parsing behavior and delimiter handling (ISA-16 can change sub-element separators); (2) do not feed confidential production documents until you confirm where agent outputs go (ensure your agent/platform won't leak parsed data to external services); (3) prefer skills with a known source/homepage for production use—if a future version adds code files or install steps, re-evaluate for supply-chain risks; (4) if you need Walmart-specific processing, verify the REF/N1/MAN handling against your trading partner agreements.
Review Dimensions
- Purpose & Capability: ok. The name/description (EDI X12 parser for 810/850/856) matches the SKILL.md content. The skill requests no binaries, env vars, or installs, which is proportionate for a parsing instruction-only skill.
- Instruction Scope: ok. SKILL.md gives concrete parsing rules, envelope/segment mappings, Walmart-specific notes, and output formats. It does not instruct the agent to read unrelated system files, access credentials, or send data to external endpoints. It assumes the agent will be given or fed EDI text to parse, which is appropriate.
- Install Mechanism: ok. No install spec and no code files are present. That minimizes the on-disk code/runtime footprint and aligns with an instructions-only parser.
- Credentials: ok. No environment variables, credentials, or config paths are required. The declared requirements are minimal and proportional to the stated functionality.
- Persistence & Privilege: ok. always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by default (disable-model-invocation=false) but this is the platform default and not by itself a red flag here.
