Back to skill
Skillv0.1.0
ClawScan security
Ouwibo: research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 6:24 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and runtime instructions match its stated purpose (web research and source-backed summaries) and it does not ask for credentials, installs, or elevated privileges.
- Guidance
- This skill is internally coherent and low-risk: it only instructs the agent to do web searches and cite 2–3 sources. Before enabling, confirm that the agent's web-browsing/search tool is trusted and sandboxed by your platform (the skill itself does not implement browsing). Be aware the agent will include external URLs — avoid clicking unfamiliar links and verify claims by checking the original sources. If you need stricter controls, require a vetted list of allowed domains or disable autonomous invocation for this skill in your agent settings.
Review Dimensions
- Purpose & Capability
- okName and description (web research, concise summaries with URLs) align with the SKILL.md. The skill requests no binaries, credentials, or installs that would be disproportionate to doing web-based research.
- Instruction Scope
- okInstructions are narrowly scoped to performing web searches, preferring 2–3 reputable sources, producing a short answer, and listing URLs. The SKILL.md does not tell the agent to read unrelated files, access environment variables, or transmit data to unexpected endpoints. It is somewhat implementation-agnostic (doesn't name which search tool to use), which is reasonable for an instruction-only skill.
- Install Mechanism
- okNo install spec and no code files — lowest-risk configuration. Nothing is written to disk or fetched at install time by the skill itself.
- Credentials
- okNo environment variables, credentials, or config paths are requested. This is proportionate for a research/summarization skill.
- Persistence & Privilege
- okalways:false and default model-invocation behavior. The skill does not request permanent presence or system-wide changes.