Skill v1.0.1

ClawScan security

Code Planning Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 24, 2026, 9:10 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only planning agent whose requests and runtime instructions are consistent with its stated purpose and do not ask for credentials, installs, or access to system resources.
Guidance
This skill is instruction-only and appears internally consistent with its goal of producing implementation plans. Before installing, confirm you won't later grant it additional environment variables, file-system access, or install hooks that could change its behavior. Also be aware that the agent may ask for detailed project information (which could include proprietary details) while creating plans — avoid sharing secrets unless you intend them to be part of the plan.

Review Dimensions

Purpose & Capability
ok: The name, description, and SKILL.md all describe producing implementation plans. The skill requires no binaries, env vars, or config paths — nothing requested is unrelated to planning.
Instruction Scope
ok: The SKILL.md contains only planning workflow, question prompts, and a plan format. It does not instruct the agent to read files, access environment variables, make network calls, or modify the system. It explicitly forbids implementation or editing files.
Install Mechanism
ok: There is no install spec and no code files. As an instruction-only skill, it does not write code or fetch external artifacts.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths — proportionate for a planning-only capability.
Persistence & Privilege
ok: "always" is false and the skill is user-invocable; it does not request elevated or persistent privileges. Autonomous invocation is possible (platform default) but the skill itself does not widen the blast radius.