Skill v1.0.1
ClawScan security
sdlc- get software development life cycle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 1:33 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This instruction-only SDLC assistant is internally coherent with its stated purpose and does not request extra credentials, installs, or suspicious privileges.
- Guidance: This skill appears to do what it says: role-aware SDLC guidance using the included reference files. Before installing or using it, avoid pasting sensitive secrets (API keys, passwords, private keys) into chat prompts. If you accept the skill offering to generate longer documents via a 'docx' or other downstream skill, check that the downstream skill's permissions and data handling meet your policies (e.g., whether it uploads content externally or stores files). Because it can be invoked autonomously by the agent (platform default), consider whether you want to allow automatic runs in contexts where the agent may be given project-specific confidential details.
Review Dimensions
- Purpose & Capability (ok): Name/description match the behavior: it provides role- and methodology-aware SDLC guidance. It requests no binaries, env vars, or external services that would be disproportionate to giving process guidance.
- Instruction Scope (ok): SKILL.md only instructs the agent to ask clarifying questions, load the included reference files, produce role-specific guidance and templates, and optionally call a 'docx' skill for long documents. It does not instruct reading unrelated system files, accessing credentials, or transmitting data to unexpected endpoints.
- Install Mechanism (ok): No install spec and no code files — instruction-only skill. This minimizes disk writes and arbitrary code execution risk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The actions described in SKILL.md do not rely on secret material.
- Persistence & Privilege (ok): always is false and model invocation is allowed (platform default). The skill does not request permanent presence or modify other skills or system-wide settings.
