Skill v1.0.1-alpha

ClawScan security

Advanced Dispatcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 12:37 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: it only computes deterministic routing plans (no external calls, no credentials, no installers) and the included code and tests match the SKILL.md behavior.
Guidance
This skill appears coherent and implements only routing logic (no network calls or credentials). Before installing: (1) review dispatcher.py yourself or run the included unit tests (test_dispatcher.py) to confirm behavior in your environment; (2) verify your platform enforces provider credentials and policy separately (the skill references Anthropic but does not request keys—platform will need keys to actually call those models); (3) if you are concerned about autonomous agent activity, remember autonomous invocation is allowed by default—restrict or audit skill invocation in agent policy if needed; (4) consider restricting or monitoring any use of the --force-claude flag if Anthropic usage is disallowed in your organization.
Findings
[no-findings] expected: Pre-scan injection/static scanner reported no suspicious patterns. The presence of model identifiers and Anthropic vendor strings is intentional and documented in SKILL.md and tests.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation: dispatcher.py and tests implement deterministic routing rules, tradeoff and build pipelines, and explicit refusal of legacy flags. The models referenced in the routing table are appropriate for a routing skill and there are no unexpected credentials or system access requests.
Instruction Scope
ok: SKILL.md confines runtime behavior to classification/routing, pipeline composition, and policies about which models to prefer or forbid. It does not instruct reading files, environment variables, network endpoints, or transmitting data to third parties. The implementation enforces non-empty prompts, domain validation, and flag rejection as described.
Install Mechanism
ok: No install spec is provided (instruction-only style). Code files are included but there are no downloads, brew/npm installs, or archive extraction. This is low-risk from an install vector perspective.
Credentials
ok: The skill declares no required environment variables or credentials. Although it references provider-specific model IDs (openai-codex, opencode-go, anthropic), the skill only returns routing decisions and does not itself perform API calls or ask for keys, which is proportionate to its purpose.
Persistence & Privilege
ok: always is false and the skill does not request system-wide persistence or modify other skills. Autonomous invocation is allowed (platform default) but the skill's actions are confined to returning RoutePlan objects.