Skill v0.1.0

ClawScan security

Comparative Synthesis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 7:28 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required assets, and behavior are coherent with its stated purpose of synthesizing completed DeepScan reports; it requests no extra credentials or installs.
Guidance
This skill appears coherent for cross-run synthesis and asks for nothing outside that scope. Before installing, confirm what the helper tools do: (1) verify summarize_evidence/get_deepscan_report access is limited to your DeepScan history and not arbitrary filesystem or unrelated services, (2) check run_python_plot's execution environment (can it run arbitrary Python, access files, or send data externally?), and (3) consider that DeepScan reports may contain sensitive or unpublished data—ensure any generated plots or summaries are stored or shared only where you expect. Also note the skill source is unknown/no homepage; if provenance matters, try to get or review the implementations of the referenced helper tools.

Review Dimensions

Purpose & Capability
ok: Name/description match the instructions: the skill uses DeepScan-specific helpers (summarize_evidence, get_deepscan_report, run_python_plot) to aggregate and visualize cross-run findings. It does not request unrelated binaries, env vars, or config paths.
Instruction Scope
note: Instructions stay within the stated scope (aggregate DeepScan history, fetch specific runs, synthesize themes, optionally plot). Minor caveat: the skill delegates plotting to run_python_plot and data aggregation to summarize_evidence/get_deepscan_report — the security properties depend on those tools' implementations (e.g., whether they access other files or external networks).
Install Mechanism
ok: Instruction-only skill with no install steps or code files; nothing is written to disk by the skill itself.
Credentials
ok: No environment variables, credentials, or config paths are requested; requested access is proportional to the task of reading stored DeepScan reports.
Persistence & Privilege
ok: always:false and user-invocable; the skill does not request permanent/always-on presence or elevated agent privileges.