Skill v1.0.0

ClawScan security

Class Responsibility Realignment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 19, 2026, 6:16 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and runtime instructions are consistent with its stated purpose (automated refactoring): it needs read/write access to a project tree and tools to search and edit code, and it asks for no unrelated credentials or installs.
Guidance
This skill is coherent for automated refactoring: it needs permission to read and edit the project and to run searches and tests. Before installing or invoking it, (1) run it on a branch or a copy of your repository, not on main; (2) ensure you have CI/tests so compile-and-test steps catch regressions; (3) review any edits (code review) before committing or pushing; (4) avoid running it in directories that contain sensitive files or secrets (the skill will see repo contents even though it doesn't request credentials); (5) if you want stricter control, require human approval for any change the agent proposes or disable autonomous invocation for this skill. If the SKILL.md later adds network calls, credential requests, or instructions to push commits automatically, re-evaluate (those would be suspicious).

Review Dimensions

Purpose & Capability: ok
The name/description describe class-responsibility refactorings and the SKILL.md asks the agent to read source files, grep for callers, and move methods/fields. Required tools (Read, Grep, Write, Edit and optional Bash) and the 'run inside a project directory' environment match that purpose. No unrelated binaries, env vars, or installs are requested.
Instruction Scope: ok
Runtime instructions are limited to repository-scoped actions: inspect classes, find callers, apply refactorings, and compile-and-test after each change. There are no instructions to read system-level credentials, send data to external services, or access config paths outside the project. Note: the skill presumes broad read/write access to the project files (expected for a refactoring tool).
Install Mechanism: ok
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by an installer: lowest-risk install footprint.
Credentials: ok
The skill declares no required environment variables, credentials, or config paths. That is proportionate to its purpose. Caveat: it will operate on whatever files are present in the project, which may themselves contain secrets; the skill does not request those secrets, but it will see them if present in the repo.
Persistence & Privilege: note
The skill is not marked always:true and does not request platform-level privileges, but it does require write/edit access to project files and will perform (or instruct) code modifications and test runs. That level of file-system access is appropriate for refactoring but is powerful: changes should be made in a branch or copy and reviewed before committing/pushing.