Skill v1.0.0
ClawScan security
Vibe Prompt Compiler Portable · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 1:58 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The packaged files and runtime instructions are consistent with a prompt-to-handoff compiler for coding tasks; nothing requested is disproportionate to that purpose.
- Guidance
- This package appears to be a legitimate prompt/handoff compiler: its files, tests, and docs match the SKILL.md. Before running anything, review scripts/compile_prompt.py and scripts/create_handoff.py locally (they are included) to confirm there are no unexpected network calls or data uploads and to see exactly what local files they read when using --repo-root. If you run install.sh, note it copies everything into the chosen target directory (~/.local/share by default) — review its contents first. Be cautious when passing a repository root or other paths that may contain secrets (credentials, .env files, private keys); the tool is intended to read repo rules and examples, so only point it at directories you trust. Overall the skill is coherent with its stated purpose.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the included scripts (compile_prompt.py, create_handoff.py, prompt_lint, extract_repo_rules) and the extensive templates/tests; no environment variables, binaries, or credentials are required. The code and docs all align with a portable prompt/handoff generator for coding agents.
- Instruction Scope
- note: SKILL.md keeps scope narrow and documents an 'auto mode' that compiles briefs mentally and only suggests running the bundled scripts when the user explicitly wants portable handoffs or repo-aware extraction. The scripts support reading repository rules via --repo-root/--repo-rules-file, which is expected for a repo-aware prompt compiler but means the tool will access local repo files when those flags are used — review what you pass as repo-root to avoid exposing secrets.
- Install Mechanism
- ok: The registry has no install spec (instruction-only skill), which is low-risk. An install.sh is packaged but not forced by the registry; it simply copies files into a target directory and marks scripts executable. No remote downloads or obscure URLs are used.
- Credentials
- ok: No required environment variables, credentials, or config paths are declared. The project mentions repo-aware features that read repository files when explicitly asked (via flags), which is proportionate to the stated functionality.
- Persistence & Privilege
- ok: always:false and no special privileges requested. The skill is allowed to be invoked autonomously by default (disable-model-invocation:false), which is normal for skills. Combined with the repo-reading flags, this means an agent could run the tool and read repo files only if the agent (or user) chooses to run the scripts or passes --repo-root; the skill does not request persistent system-wide changes or other skills' credentials.
