Skill v1.0.1

ClawScan security

Longform Blog Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 7, 2026, 1:19 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
Instruction-only blog-writing skill that is internally consistent with its description: it provides templates and quality checks, integrates an external Concept Decoder, and requests no credentials or installs.
Guidance
This skill is an instruction-only blog-writing template and appears coherent with its stated purpose. Practical things to consider before installing or invoking:
- The skill will call an external Concept Decoder at https://clawhub.ai/onlybelter/concept-decoder and expects the agent to verify facts and fetch citations; that means parts of your prompt/content may be sent to external services. If you will provide private or sensitive prompts, avoid including secrets or proprietary text.
- The skill mandates citation and factual verification but doesn’t specify which web sources or search method will be used, so always manually review and verify references and quoted facts before publishing.
- No credentials or installs are required, so there is low platform privilege risk. If you need stronger privacy guarantees, ask how the agent performs fact-checking (which services it queries) or avoid sending confidential content to the skill.

Review Dimensions

Purpose & Capability
ok: The name/description (longform, structured blog writing) matches the SKILL.md instructions: detailed templates, mandatory historical/contextual/citation checks, category-specific requirements. Required capabilities (none) are appropriate for an instruction-only writer skill.
Instruction Scope
note: The runtime instructions are detailed and stay on-task, but they explicitly instruct the agent to call an external Concept Decoder endpoint ([CALL: concept-decoder @ https://clawhub.ai/onlybelter/concept-decoder]) and to 'verify all factual claims' and provide citations. That implies web access and outbound data sharing of the article content or extracted concepts to external services. This is coherent for the stated purpose (concept decoding, citation checks) but is the primary privacy/network surface to be aware of.
Install Mechanism
ok: No install spec and no code files, which is the lowest-risk delivery model. Nothing is written to disk or downloaded during install.
Credentials
ok: The skill declares no required environment variables, no credentials, and no config paths. Requested access is proportional to its function; there are no unexplained secret requests.
Persistence & Privilege
ok: always:false and default agent invocation settings. The skill does not request permanent/privileged presence or to modify other skills' configs.