Back to skill
Skillv1.0.0
ClawScan security
Behavioral Pattern Selector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 10, 2026, 2:29 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper for choosing GoF behavioral patterns; its requirements and instructions are coherent with that purpose and it does not request unrelated credentials, installs, or persistent privileges.
- Guidance
- This is an instruction-only, reference-driven skill for selecting behavioral design patterns and appears coherent and low-risk. Before enabling it or allowing autonomous invocation, confirm the agent tools it will use (TodoWrite, Read, Grep) have acceptable permissions: Read/Grep will access repository files if present, and TodoWrite will persist task notes (check where those notes are stored and who can access them). Also verify you are comfortable letting the agent scan your codebase for pattern 'smells' if you provide one. No environment variables, downloads, or external endpoints are requested by the skill itself.
Review Dimensions
- Purpose & Capability
- okName, description, and declared dependencies align: the skill helps choose among GoF behavioral patterns and references only a design-pattern-selector dependency and pattern reference material. No unrelated binaries, env vars, or config paths are requested.
- Instruction Scope
- okSKILL.md contains stepwise guidance for classification and recommendation; it suggests scanning a codebase for behavioral 'smells' and using tools (TodoWrite, optionally Read/Grep). Those actions are directly relevant to the stated task and do not instruct access to unrelated secrets or external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer. This is the lowest-risk install profile.
- Credentials
- okThe skill declares no required environment variables or credentials. The optional use of Read/Grep to inspect a codebase is proportional to the task of analyzing code for pattern smells.
- Persistence & Privilege
- okNo always:true privilege, no requests to modify other skills or system-wide settings. The skill uses TodoWrite to track progress (expected behavior) but does not demand permanent elevated presence.