Skillv1.0.0

ClawScan security

Content Repurpose · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 2:13 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, requirements, and scope are consistent with a content-repurposing tool and do not request unrelated credentials, installs, or privileges.
Guidance: This skill appears coherent and low-risk for its stated purpose. Before using it, be mindful of these practical points: (1) If you provide a local file path, the agent will read that file — only supply files you intend to share (avoid system files, secrets, or unrelated directories). (2) The skill asks you to confirm rights for copyrighted or sensitive material; don’t paste paywalled content, private PII, or protected works unless you have permission. (3) The skill forbids external fetching and persistence, but always verify the agent’s actual behavior in your environment (confirm where the file tool reads from in your platform). (4) Review generated outputs before posting them publicly to ensure no accidental PII or claim changes. If you want higher assurance, ask the skill owner for details about the runtime environment's file-access boundaries.

Purpose & Capability: okThe name and description match the SKILL.md workflow: reading a text source and producing platform-specific variants. There are no unexpected environment variables, binaries, or installs requested that would be unrelated to content transformation.
Instruction Scope: okRuntime instructions stay within content-repurposing: accept pasted text or a plaintext file path, identify voice/claims, and generate platform-specific outputs. The skill explicitly forbids fetching external URLs, calling external APIs, and persisting content, and it requires flagging PII/copyright edge cases. Note: the skill expects the agent to read a provided file path via the file tool — this file-read behavior is appropriate for the purpose but means the user controls what files the agent will access.
Install Mechanism: okNo install spec and no code files — instruction-only skill. No packages, downloads, or archive extraction are present, which minimizes installation risk.
Credentials: okThe skill declares no environment variables, credentials, or config paths. It does not request unrelated secrets or services; this is proportionate to its stated function.
Persistence & Privilege: okFlags show always:false and normal user-invocable behavior. The SKILL.md explicitly instructs not to persist source content and not to store analytics or tracking; the skill does not request system-wide configuration changes or permanent presence.