Skill v1.0.0
ClawScan security
Credence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 3:16 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions align with its stated purpose (checking a public trust registry on GitHub); it only reads public registry data and does not request credentials or install software.
- Guidance: This skill is coherent and low-risk: it only fetches public JSON and attestation files from a GitHub repo and references a public website. Before installing, verify the registry sources yourself (visit the GitHub repo and the credence.securingthesingularity.com pages) to confirm they are legitimate and unchanged. Be aware that the SKILL.md permits partial matching of names/URLs (which can yield false matches), and examples imply proceeding with installs for high scores; you should configure the agent to ask for explicit user confirmation before performing any installation. If you rely on Credence for critical security decisions, review its attestation files and methodology on the referenced site and confirm the GitHub repo contents match the expected registry.
Review Dimensions
- Purpose & Capability (ok): Name/description say it checks a public Credence registry. The only required binary is curl, which is appropriate for fetching the index/attestation files from raw.githubusercontent.com. OS restrictions and lack of credentials/config paths are consistent with a read-only registry lookup tool.
- Instruction Scope (note): Instructions are narrowly scoped to fetching a public index.json from a known GitHub raw URL and reading attestation files from the same repo. Two minor notes: (1) the SKILL.md allows partial matching on repo URLs/server names, which can produce false positives if multiple entries share substrings; (2) some examples state 'Proceed with the install' for APPROVED entries, which could be interpreted as automatically performing installs. The skill text does not itself run installs or ask for credentials, but operators should ensure the agent asks for user confirmation before performing any installation action.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. This is the lowest-risk install model.
- Credentials (ok): No environment variables, credentials, or config paths are required. The registry is public and the URLs referenced are consistent with the declared purpose. No disproportionate access is requested.
- Persistence & Privilege (ok): The always flag is false and the skill is user-invocable. It does not request persistent privileges or modify other skills or system configuration. Autonomous invocation is allowed by default but is not problematic here given the skill's read-only behavior.
