Skill v1.0.0

ClawScan security

Bridge Pattern Implementor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 10, 2026, 7:13 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only design/refactoring assistant that coherently documents how to apply the Bridge pattern and expects to read and modify a codebase — it asks for no credentials or external installs.
Guidance
This skill appears coherent and limited to design and codebase edits. Before using it: run it against a disposable or feature branch, back up your repo, and review all proposed changes/diffs before merging. Don’t grant Write access to a repository containing secrets or production-only configuration you don’t want altered. Because it has no external credentials or downloads, there is low supply-chain risk, but always inspect generated code and test in a safe environment.

Review Dimensions

Purpose & Capability
ok
The name and description match the content of SKILL.md: it teaches/applies the Bridge pattern and asks for a codebase input. The declared tools (Read, Write, TodoWrite) and optional Grep/Glob are appropriate for scanning and modifying source code; no unrelated binaries, env vars, or external services are requested.
Instruction Scope
ok
SKILL.md explicitly instructs the agent to inspect the codebase (class hierarchies, platform-specific includes, file names) and to produce design/implementation changes. It does not instruct the agent to read unrelated system files, environment secrets, or transmit data to external endpoints. The scope is consistent with a refactoring/design skill.
Install Mechanism
ok
No install specification or downloads are present — this is instruction-only, so nothing is written to disk by an installer and no external packages are pulled.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. Its required capabilities are limited to reading and writing the codebase (as declared). There are no unexpected credential requests.
Persistence & Privilege
note
The skill is not forced-always and can be invoked by the user. It requires Write access to modify the codebase (normal for a refactoring assistant) — users should be aware they are granting file-modification capability and should review changes before committing.