Skill v1.0.0

ClawScan security

Big Class Responsibility Extraction · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 12:46 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only refactoring skill whose requirements and instructions are consistent with its stated purpose of analyzing and decomposing oversized classes.
Guidance
This skill appears coherent and instruction-only: it will need access to the target source file (and optionally your git history), so review where you make your codebase available to it. Because it reads code and may run git history queries, do not provide it with secrets or external repositories you don't want analyzed. Also review the dependent skills (change-effect-analysis, dependency-breaking-technique-executor) before use, since they may require additional access when invoked. No install occurs and no credentials are requested, so the main risk is simply exposing source or commit history; ensure you trust the environment or limit scope when running the skill.

Review Dimensions

Purpose & Capability
ok: Name, description, and declared inputs (a large class source file, optional git history, current change) align with the actions described in SKILL.md (method/field inventory, heuristics, feature sketches, incremental extraction plan). The declared dependencies on related refactoring skills are coherent.
Instruction Scope
note: Runtime instructions stay within refactoring scope: reading the class file, enumerating methods/fields, applying heuristics, and optionally inspecting git history. One minor mismatch: SKILL.md suggests running `git log --follow -p <file>` for change history but the skill does not declare 'git' as a required binary; this is optional and not required for the core behavior.
Install Mechanism
ok: There is no install spec and no code files; the skill is instruction-only, which minimizes install risk (nothing is downloaded or written to disk).
Credentials
ok: The skill requests no environment variables, credentials, or config paths. It only requires access to the codebase and optionally git history, which is proportionate to its purpose.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent or elevated privileges. It does not modify other skills or system-wide settings.