Skill v1.0.0

ClawScan security

Dependency Breaking Technique Executor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 29, 2026, 1:47 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required tools, and included reference material all align with its stated purpose of selecting and executing Feathers' dependency‑breaking techniques for making legacy code testable.
Guidance
This skill is coherent and appears to do what it says: guide, select, and execute Feathers' dependency‑breaking steps. Before using it, make sure you (or your CI) run it against a copy or feature branch: the techniques intentionally perform conservative, sometimes ugly, intermediate edits to make code testable. Ensure you have version control/backup, run the full test suite after edits, and review the proposed code changes (especially automated edits run via the agent) before merging. If you want stronger assurance, skim the included references/all-techniques.md and selection-table.md to confirm the exact mechanics the agent will follow.
Findings
[no_regex_findings_instruction_only] expected: The static regex scanner had no findings because this is an instruction‑only skill (no executable code). That is expected for a textual refactoring guide and does not imply missing checks; manual review of the instructions and references is the primary surface.

Review Dimensions

Purpose & Capability
ok
Name, description, and provided reference files (24 techniques, selection table) match the declared goal of choosing and executing dependency‑breaking techniques. Declared tools (Read, Edit, Bash) are appropriate for making code edits and running tests; there are no unrelated binaries, credentials, or external services requested.
Instruction Scope
ok
SKILL.md instructs the agent to classify the obstacle, pick a technique from the included selection table, apply step‑by‑step code edits, run tests, and document changes. Those actions are exactly the scope needed for breaking dependencies and do not direct the agent to read unrelated system files, exfiltrate secrets, or contact unexpected endpoints.
Install Mechanism
ok
Instruction‑only skill with no install spec and no code files to run. Nothing is downloaded or written by an installer; the agent will operate on the user's codebase using editorial and shell tools, which is appropriate for a refactoring helper.
Credentials
ok
No environment variables, credentials, or config paths are requested. The skill needs access to the codebase and test harness (expected for its purpose) but does not request unrelated secrets or system credentials.
Persistence & Privilege
ok
always is false and model invocation is not disabled (normal). The skill does not request permanent platform presence or attempt to modify other skills or system‑wide agent settings.