Back to skill
Skillv1.0.0
ClawScan security
Intake · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 10:12 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill for designing intake forms and workflows; its requested footprint (no installs, no credentials, no files) matches its stated purpose.
- Guidance
- This skill is instruction-only and coherent for its purpose, but remember: the outputs may include suggested questions that request sensitive personal, medical, or financial details. Before using templates with real people, (1) review and edit to collect only what you truly need, (2) avoid pasting real PII into prompts when testing, (3) ensure your intake process meets applicable privacy/regulatory requirements, and (4) don't treat the skill as legal/medical/financial advice—have a qualified professional review sensitive cases. Because the skill can be invoked by the agent, check how your agent uses it (trigger conditions) so it doesn't ask for private data unexpectedly.
Review Dimensions
- Purpose & Capability
- okName and description (designing intake forms, interviews, workflows) align with the SKILL.md content. The skill asks for no binaries, credentials, or config paths that would be unrelated to its stated purpose.
- Instruction Scope
- okThe runtime instructions are prose and templates for creating forms, interview guides, workflows, and audits. They do not instruct the agent to read system files, environment variables, or send data to external endpoints. The guidance explicitly cautions about privacy and avoiding unnecessary data collection.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing is written to disk or fetched at install time.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. It does include templates and example questions that may ask for sensitive information when used — which is appropriate for intake design but is a user-facing risk (see guidance).
- Persistence & Privilege
- okalways is false and the skill is user-invocable. Autonomous invocation is allowed by platform default but this skill does not request elevated persistence or access to other skills/configs.