Back to skill
Skillv1.0.0
ClawScan security
AI Prompt Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 24, 2026, 2:02 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions are coherent with its stated purpose (generating and analyzing prompts), request no credentials or installs, and do not perform suspicious I/O or network activity.
- Guidance
- This skill appears to be a simple, local prompt-generator implemented in Python and is coherent with its description. Before running: (1) inspect the script (you already have it) and run it in a trusted environment; (2) be aware of a minor functional mismatch between SKILL.md and the template-selection logic (it may not honor some style/subcategory choices exactly); (3) if you plan to integrate this into automation, verify no network calls are added later and avoid providing secrets (none are required). Overall it is low-risk but review any code you run on your machine.
Review Dimensions
- Purpose & Capability
- okName/description match the included code and SKILL.md: both provide local prompt-generation and analysis for various AI platforms. The skill does not request unrelated binaries, environment variables, or external services.
- Instruction Scope
- noteRuntime instructions and the Python script operate locally and only produce prompt text and analysis; they do not read external files, access the network, or exfiltrate data. Minor functional incoherence: the SKILL.md describes style/category options but the code's template-selection logic defaults to a 'creative' template when available (it doesn't actually select templates based on the requested subcategory keys like 'algorithm'/'web'), so behavior may differ from user expectations but not a security risk.
- Install Mechanism
- okNo install spec is present; the skill is instruction-only + a single Python script. Nothing is downloaded or written to disk by an installer step beyond the skill file itself.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The code does not reference any secrets or external credentials.
- Persistence & Privilege
- okThe skill is not always-enabled and is user-invocable only. It does not modify other skills or system configuration and does not request elevated persistence.