Skill v1.0.0
ClawScan security
Writing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 6:22 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only writing/style guide whose requirements and instructions match its stated purpose and do not request unusual privileges or external access.
- Guidance: This is a coherent, instruction-only writing/style guide and appears safe from a permissions standpoint. Consider that the SKILL.md suggests "dispatching a subagent with your draft," which could cause your draft to be sent to another model or service depending on the platform runtime — if your drafts contain sensitive data, confirm how subagent invocation is implemented and whether text leaves your environment. Also note the included reference material is condensed from published books; if copyright or licensing is a concern, review those sources before redistributing. If you need stricter controls, disable autonomous invocation for this skill or avoid sending sensitive drafts to subagents until you verify data flow and retention policies.
Review Dimensions
- Purpose & Capability (ok): Name, description, and included files are all about prose style and copyediting; no unrelated binaries, env vars, or config paths are requested. The provided reference files (Strunk, Williams, Pinker, and an AI ban list) align with a writing/editing skill.
- Instruction Scope (note): SKILL.md is an instruction-only policy for editing prose and references the included reference files. It contains one operational note: "Dispatch a subagent with your draft + the reference files for copyediting." That is within the writing task but implies the agent will forward user drafts to a subagent; depending on the runtime implementation that could send text to another internal model or an external endpoint. The skill itself does not name any external endpoints or request credentials.
- Install Mechanism (ok): No install spec and no code files to execute. Instruction-only skills have lower installation risk because nothing is written to disk or downloaded.
- Credentials (ok): The skill requests no environment variables, no credentials, and no filesystem paths. There is no disproportionate access requested relative to the stated purpose.
- Persistence & Privilege (ok): always:false and default autonomous invocation are used (normal). The skill does not request persistent system changes or elevated privileges and does not attempt to modify other skills or global agent configuration.
