Back to skill
Skillv1.0.0
ClawScan security
Grammar Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 15, 2026, 2:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only English grammar/spelling/style checker that requests no credentials or installs and is consistent with its stated purpose; the main risk is that it will process whatever text the user supplies (including sensitive content).
- Guidance
- This skill appears coherent and minimal: it only needs the text you give it and the included reference file. However, because it processes user text directly, avoid submitting sensitive personal data, secrets, or confidential documents unless you trust the skill's source (owner and homepage are unknown). If you need to use this on sensitive content, prefer an officially vetted tool or run checks locally with a known tool. If you care about provenance, ask the publisher for a homepage, privacy policy, or source code before installing.
Review Dimensions
- Purpose & Capability
- okName, description, and runtime instructions align: the skill is a grammar/style checker and only requires analysis of user-provided text and a local reference file for categories. There are no unrelated credentials, binaries, or install requirements.
- Instruction Scope
- okSKILL.md limits actions to analyzing the user's text using the included check_categories.md reference and producing a structured report and corrected text. It does not instruct the agent to read system files, environment variables, or contact external endpoints.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only so nothing is downloaded or written to disk. This is the lowest-risk install model.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportional for a text proofreading tool.
- Persistence & Privilege
- notealways:false and model invocation is allowed (default). Autonomous invocation is normal for skills, but note the skill can be invoked by the agent when triggered. There is no request to modify agent config or persist credentials.